
27960 matches found

CVE • added 2026/03/17 11:51 p.m. • 9 views

CVE-2026-27895

CVE-2026-27895 affects LDAP Account Manager (LAM). Before version 9.5, the PDF export component fails to validate uploaded file extensions, allowing upload of any file type (e.g., .php) and enabling remote code execution as the web server user. Versions prior to 9.5 are vulnerable; version 9.5 fi...

CVSS 8.8 | AI score 6.4 | EPSS 0.00419
Exploits 0 | References 3 | Affected Software 1
OSV • added 2026/03/17 11:51 p.m. • 4 views

CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

CVSS 4.3 | AI score 6.4 | EPSS 0.00419
Exploits 0 | References 5
ATTACKERKB • added 2026/03/17 11:48 p.m. • 5 views

CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

CVSS 8.8 | AI score 6 | EPSS 0.00371
Exploits 0 | References 4 | Affected Software 1
Cvelist • added 2026/03/17 11:48 p.m. • 28 views

CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

CVSS 8.8 | EPSS 0.00371
Exploits 0 | References 3
EUVD • added 2026/03/17 11:48 p.m. • 2 views

EUVD-2026-12681

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

CVSS 8.8 | AI score 6 | EPSS 0.00371
Exploits 0 | References 3
CVE • added 2026/03/17 11:48 p.m. • 17 views

CVE-2026-27894

CVE-2026-27894 affects LDAP Account Manager (LAM) prior to version 9.5, where a local file inclusion (LFI) vuln in the PDF export allows an authenticated user to include local PHP files and potentially execute code. The underlying issue is a local file inclusion in the PDF export path, and the vu...

CVSS 8.8 | AI score 6 | EPSS 0.00371
Exploits 0 | References 3 | Affected Software 1
vulnersOsv • added 2026/03/17 5:7 p.m. • 4 views

org.webjars.npm:dom-to-pdf (=0.3.2), org.webjars.npm:html2pdf.js (>=0.10.1 <=0.10.3) potentially affected by CVE-2026-31938 via org.webjars.npm:jspdf (>=2.5.2 <=3.0.3)

org.webjars.npm:jspdf MAVEN version =2.5.2, =0.10.1, =0.10.3 Source cves: CVE-2026-31938 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15678196...

CVSS 9.6 | AI score 5.8 | EPSS 0.00244
Exploits 0
vulnersOsv • added 2026/03/17 5:7 p.m. • 4 views

org.webjars.npm:dom-to-pdf (=0.3.2), org.webjars.npm:html2pdf.js (>=0.10.1 <=0.10.3) potentially affected by CVE-2026-31898 via org.webjars.npm:jspdf (>=2.5.2 <=3.0.3)

org.webjars.npm:jspdf MAVEN version =2.5.2, =0.10.1, =0.10.3 Source cves: CVE-2026-31898 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15677843...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits 0
Snyk • added 2026/03/17 5:7 p.m. • 5 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the createAnnotation method, whose color parameter can be injected with script objects. An attacker can inject PDF objects as freetext annotations, which may be executed when a user opens the...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 2
OSV • added 2026/03/17 5:7 p.m. • 3 views

GHSA-7X6V-J9X4-QF24 jsPDF has a PDF Object Injection via FreeText color

Impact User control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might...

CVSS 8.1 | AI score 5.9 | EPSS 0.00275
Exploits 0 | References 6
Github Security Blog • added 2026/03/17 5:7 p.m. • 10 views

jsPDF has a PDF Object Injection via FreeText color

Impact User control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 6 | Affected Software 1
OSV • added 2026/03/17 10:11 a.m. • 1 views

OPENSUSE-SU-2026:20372-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.80: CVE-2026-3909: Out of bounds write in Skia boo1259659 - Chromium 146.0.7680.75 released 2026-03-12 boo1259648 CVE-2026-3910: Inappropriate implementation in V8. - Chromium 146.0.7680.71 released...

CVSS 9.6 | AI score 6 | EPSS 0.02082
Exploits 1 | References 34
NVD • added 2026/03/17 4:16 a.m. • 3 views

CVE-2026-4308

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

CVSS 6.5 | EPSS 0.00201
Exploits 0 | References 5
ATTACKERKB • added 2026/03/17 4:2 a.m. • 4 views

CVE-2026-4308

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00201
Exploits 0 | References 5 | Affected Software 1
Vulnrichment • added 2026/03/17 4:2 a.m. • 3 views

CVE-2026-4308 frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

CVSS 6.5 | AI score 5.5 | EPSS 0.00201
Exploits 0 | References 5
NVD • added 2026/03/17 12:16 a.m. • 3 views

CVE-2026-4285

A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such...

CVSS 5.1 | EPSS 0.00463
Exploits 0 | References 4
Positive Technologies • added 2026/03/17 12:0 a.m. • 4 views

PT-2026-25872

🚨 CVE-2026-4308 A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

CVSS 6.5 | AI score 6.2 | EPSS 0.00201
Exploits 0 | References 11
Positive Technologies • added 2026/03/17 12:0 a.m. • 4 views

PT-2026-25963

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

CVSS 8.8 | AI score 6 | EPSS 0.00371
Exploits 0 | References 10
CNNVD • added 2026/03/17 12:0 a.m. • 3 views

easegen-admin path traversal vulnerability

easegen-admin is a digital human course creation platform developed by taoofagi. Easegen-admin has a path traversal vulnerability, which stems from incorrect handling of the parameter fileUrl in the file...

CVSS 5.1 | AI score 5.8 | EPSS 0.00463
Exploits 0 | References 4
Positive Technologies • added 2026/03/17 12:0 a.m. • 4 views

PT-2026-25966

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

CVSS 4.3 | AI score 6.5 | EPSS 0.00419
Exploits 0 | References 7