Lucene search
K

492 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Views component’s ability to re-use resources after release, potentially allowing remote attackers to exploi...

8.3CVSS5.8AI score0.00164EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Debian dla-4597 : atril - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4597 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/...

8.4CVSS5.3AI score0.00529EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.7 views

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...

5.5CVSS7.1AI score0.00126EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

DHTMLX Gantt 路径遍历漏洞

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...

9.2CVSS5.8AI score0.00497EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

5.5CVSS5.8AI score0.04024EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.14 views

Pillow 安全漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 4.2.0 to 12.2.0 contained security vulnerabilities. These vulnerabilities were due to malicious PDFs, which could cause processes to hang indefinitely, consume 100% of the CPU resources, and render the...

5.5CVSS7.1AI score0.00126EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 5:19 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...

5.1CVSS6.3AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 12:59 a.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-25306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge...

6.9CVSS6.1AI score0.00177EPSS
Exploits1References2
CVE
CVE
added 2026/04/29 7:24 p.m.10 views

CVE-2018-25306

PDFunite 0.41.0 contains a local buffer overflow in processing malformed PDFs during merge, causing a segmentation fault via XRef::getEntry in libpoppler when a crafted PDF is merged. This is a local-impact vulnerability that can crash the pdfunite utility; exploitation details and a validated fi...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.3 views

CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/29 7:24 p.m.7 views

EUVD-2018-21827

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/28 9:19 a.m.5 views

CVE-2026-7233

A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user could exploit an out-of-bounds read vulnerability in the fzsubsetcffforgids function. This could allow an attacker to read sensitive information from memory, potentially leading to information...

6.1CVSS5.2AI score0.00238EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.5 views

SUSE CVE-2026-41313

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

4.8CVSS5.6AI score0.00214EPSS
Exploits0References3
HackRead
HackRead
added 2026/04/23 4:42 p.m.10 views

Harvester APT Expands Spying Operations with New GoGra Linux Malware

New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to...

6.5CVSS5.7AI score0.00226EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 9:30 p.m.8 views

pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...

6.5CVSS5.7AI score0.00226EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...

8.8CVSS6.4AI score0.00336EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/10 12:0 a.m.5 views

Google Chrome PDF Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the PDF component responsible for freeing memory. An attacker could...

8.8CVSS6.1AI score0.00417EPSS
Exploits0
NVD
NVD
added 2026/04/08 10:16 p.m.3 views

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

4.3CVSS0.00102EPSS
Exploits0References2
Rows per page
Query Builder