CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added last week•8 views

EUVD-2026-36111

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...

7.5CVSS5.5AI score0.00147EPSS

Vulnrichment•added last week•4 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

8.4CVSS6.4AI score0.00397EPSS

Exploits0References3

AlpineLinux•added last week•10 views

CVE-2026-46529

8.4CVSS6.5AI score0.00397EPSS

Exploits0

CVE•added last week•16 views

CVE-2026-20252

Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...

Exploits0References1Affected Software1

EUVD•added last week•6 views

EUVD-2026-36086

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to...

Vulnrichment•added last week•5 views

CVE-2026-20252 Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise

Cvelist•added last week•25 views

CVE-2026-20252 Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise

7.6CVSS0.00255EPSS

SUSE CVE•added 2026/06/10 2:31 a.m.•3 views

SUSE CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00216EPSS

Exploits0References3

Positive Technologies•added 2026/06/10 12:0 a.m.•8 views

PT-2026-48492

🚨 CVE-2026-20252 In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send...

7.6CVSS5.4AI score0.00255EPSS

Exploits0References3

CNNVD•added 2026/06/10 12:0 a.m.•1 views

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

8.4CVSS5.8AI score0.00397EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•3 views

Debian dsa-6334 : gir1.2-poppler-0.18 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6334 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1 [email protected]...

8.6CVSS6.8AI score0.00231EPSS

Exploits0References9

OPENSUSE Linux•added 2026/06/10 12:0 a.m.•3 views

python311-pypdf-6.13.0-1.1 on GA media (moderate)

python311-pypdf-6.13.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10974-1 Rating: moderate Cross-References: CVE-2026-48155 CVE-2026-48735 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed i...

6.9CVSS5.5AI score0.00129EPSS

Exploits0

CNNVD•added 2026/06/10 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 代码问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There are code vulnerabilities in...

Tenable Nessus•added 2026/06/10 12:0 a.m.•4 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0602)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0602 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3,...

OSV•added 2026/06/09 12:42 p.m.•7 views

ROOT-APP-NPM-CVE-2024-34342 CVE-2024-34342 in @rootio/react-pdf - Patched by Root

Root has patched CVE-2024-34342 in the @rootio/react-pdf package for Root:npm. Multiple fixed versions available...

7.1CVSS5.8AI score0.01064EPSS

Exploits1

OSV•added 2026/06/09 12:16 a.m.•4 views

DEBIAN-CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00216EPSS

NVD•added 2026/06/09 12:16 a.m.•7 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS0.00216EPSS

CNNVD•added 2026/06/09 12:0 a.m.•5 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS5.9AI score0.00165EPSS