27960 matches found

vulnersOsv
added 2026/03/25 3:31 p.m. | 2 views

@edropin/canvas (>=1.1.0 <=2.0.0), @launchtray/hatch-test-pdf (>=0.11.2 <=0.23.0-alpha.17) +15 more potentially affected by CVE-2026-26830 via pdf-image (>=1.1.0 <=2.0.0)

pdf-image NPM version =1.1.0, =1.1.0, =0.11.2, =0.2.0, =0.0.2, =0.13.0-beta.1, =0.0.2, =0.0.12, =0.19.5, =0.0.2, =0.1.1, =0.3.0, =0.1.1, =1.0.0, =1.0.0, =1.0.5 and more Source cves: CVE-2026-26830 Source advisory: OSV:GHSA-Q5MH-72XG-628W...

9.8 CVSS | 5.8 AI score | 0.02493 EPSS
Exploits: 4
Github Security Blog
added 2026/03/25 3:31 p.m. | 6 views

pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via...

9.8 CVSS | 5.9 AI score | 0.02493 EPSS
Exploits: 4 | References: 3 | Affected Software: 1
OSV
added 2026/03/25 3:31 p.m. | 6 views

GHSA-Q5MH-72XG-628W pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via...

9.8 CVSS | 5.9 AI score | 0.02493 EPSS
Exploits: 4 | References: 3
NVD
added 2026/03/25 3:16 p.m. | 2 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8 CVSS | 0.02493 EPSS
Exploits: 4 | References: 3
CVE
added 2026/03/25 12:00 a.m. | 10 views

CVE-2026-26830

Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...

9.8 CVSS | 5.8 AI score | 0.02493 EPSS
Exploits: 4 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/25 12:00 a.m. | 1 view

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8 CVSS | 5.8 AI score | 0.02493 EPSS
Exploits: 4 | References: 3
CNVD
added 2026/03/25 12:00 a.m. | 1 view

Google Chrome Security Bypass Vulnerability (CNVD-2026-15396)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused due to insufficient policy enforcement in PDF. An attacker can exploit the vulnerability to bypass security restrictions...

7.5 CVSS | 5.9 AI score | 0.00183 EPSS
Exploits: 0
CNNVD
added 2026/03/25 12:00 a.m. | 4 views

pdf-image Security Vulnerability

pdf-image is a Node.js tool developed by Masafumi Oyamada for converting PDFs to PNG images. Versions of pdf-image 2.0.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the fact that the pdfFilePath parameter is not verified, which may lead to OS command injection...

9.8 CVSS | 5.8 AI score | 0.02493 EPSS
Exploits: 4 | References: 3
ATTACKERKB
added 2026/03/25 12:00 a.m. | 2 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8 CVSS | 5.8 AI score | 0.02493 EPSS
Exploits: 4 | References: 4
Cvelist
added 2026/03/25 12:00 a.m. | 21 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8 CVSS | 0.02493 EPSS
Exploits: 4 | References: 3
OSV
added 2026/03/24 8:40 p.m. | 1 view

GHSA-98WM-CXPW-847P Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

5.4 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits: 0 | References: 5
GithubExploit
added 2026/03/24 6:08 p.m. | 190 views

BUGSCANNER---PHP-Web-Security-Scanner-for-Bug-Bounty-Penetration-Testing

6.3 AI score
Exploits: 0
GithubExploit
added 2026/03/24 4:15 p.m. | 137 views

Exploit for CVE-2026-26830

CVE-2026-26830: OS command injection in pdf-image Summary...

6.1 AI score | 0.02493 EPSS
Exploits: 4
Positive Technologies
added 2026/03/24 12:00 a.m. | 4 views

PT-2026-27631

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.13.0 through 5.13.3 Description Invoice Ninja allows for the execution of stored cross-site scripting XSS payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...

5.4 CVSS | 5.8 AI score | 0.00231 EPSS
Exploits: 0 | References: 7
IBM Security Bulletins
added 2026/03/23 4:03 p.m. | 7 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in jsPDF (CVE-2025-57810)

Summary A vulnerability in jsPDF CVE-2025-57810 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the...

8.7 CVSS | 6.4 AI score | 0.00658 EPSS
Exploits: 1 | Affected Software: 1
Kaspersky
added 2026/03/23 12:00 a.m. | 4 views

KLA90950 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Base can be exploited to...

8.8 CVSS | 6.6 AI score | 0.00415 EPSS
Exploits: 1 | References: 23
OPENSUSE Linux
added 2026/03/23 12:00 a.m. | 5 views

python311-PyPDF2-2.11.1-8.1 on GA media (moderate)

python311-PyPDF2-2.11.1-8.1 on GA media Announcement ID: openSUSE-SU-2026:10402-1 Rating: moderate Cross-References: CVE-2026-33123 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

6.5 CVSS | 5.8 AI score | 0.00349 EPSS
Exploits: 0
NVD
added 2026/03/21 4:16 p.m. | 4 views

CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

8.8 CVSS | 0.00377 EPSS
Exploits: 1 | References: 4
EUVD
added 2026/03/21 3:33 p.m. | 4 views

EUVD-2019-19846

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the...

6.9 CVSS | 6.1 AI score | 0.00119 EPSS
Exploits: 1 | References: 4
EUVD
added 2026/03/21 3:33 p.m. | 0 views

EUVD-2019-19848

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

6.9 CVSS | 6.1 AI score | 0.00177 EPSS
Exploits: 1 | References: 4