Lucene search
K

492 matches found

OSV
OSV
added 2026/03/27 1:16 a.m.3 views

UBUNTU-CVE-2026-33699

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

8.2CVSS5.7AI score0.00455EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 6:0 a.m.14 views

CVE-2026-2343

The CVE-2026-2343 entry concerns the PeproDev Ultimate Invoice WordPress plugin (versions up to 2.2.5). A bulk download invoices action creates ZIP archives of exported invoice PDFs with predictably named files, enabling an attacker to brute force and retrieve PII. The flaw is exploitable without...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:0 a.m.5 views

CVE-2026-2343

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

pypdf 安全漏洞

pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.9.1 contained security vulnerabilities, which stemmed from defects in processing malicious PDFs. These vulnerabiliti...

6.5CVSS5.8AI score0.00349EPSS
Exploits0References4
OSV
OSV
added 2026/03/17 3:19 p.m.5 views

OPENSUSE-SU-2026:20375-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2025-31826: Fixed denial of service due to excessive memory consumption via crafted PDF bsc1259508...

6.8CVSS5.8AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 10:4 p.m.23 views

CVE-2026-3939

Google Chrome/Chromium is affected by CVE-2026-3939 due to insufficient policy enforcement in PDF handling, allowing a crafted PDF to bypass navigation restrictions. Affected component: PDF policy enforcement in Chrome/Chromium prior to version 146.0.7680.71 (specific fixed versions cited by Debi...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/11 8:15 p.m.4 views

OPENSUSE-SU-2026:20348-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter bsc1259404 - Update sources with osc run downloadfiles...

6.9CVSS5.8AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being...

8.7CVSS7.1AI score0.00348EPSS
Exploits1References3
OSV
OSV
added 2026/02/28 2:46 a.m.7 views

GHSA-F2V5-7JQ9-H8CG pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/27 6:31 p.m.7 views

EUVD-2025-208142

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

8.7CVSS6AI score0.00345EPSS
Exploits1References2
NVD
NVD
added 2026/02/27 5:16 p.m.8 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

8.7CVSS0.00345EPSS
Exploits1References1
OSV
OSV
added 2026/02/27 5:16 p.m.5 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

8.7CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/26 1:16 a.m.4 views

DEBIAN-CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

7.5CVSS8.1AI score0.00348EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/02/20 12:26 a.m.4 views

SUSE CVE-2026-2648

Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00481EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/19 7:32 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which i...

8.6CVSS6AI score0.0043EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.4 views

PT-2026-20909

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.1 Description pypdf is a free and open-source pure-python PDF library. A crafted PDF file can cause excessive processing time due to a malformed /FlateDecode stream and byte-by-byte decompression. Recommendations...

6.9CVSS5.2AI score0.00168EPSS
Exploits0References36
Securelist
Securelist
added 2026/02/05 9:0 a.m.10 views

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Introduction Stan Ghouls also known as Bloody Wolf is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/04 12:7 p.m.5 views

Firefox is giving users the AI off switch

Some software providers have decided to lead by example and offer users a choice about the Artificial Intelligence AI features built into their products. The latest example is Mozilla, which now offers users a one-click option to disable generative AI features in the Firefox browser. Audiences ar...

5.5AI score
Exploits0
NVD
NVD
added 2026/02/02 11:16 p.m.13 views

CVE-2026-24043

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

6.9CVSS0.00253EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/02 8:34 p.m.2 views

CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

6.9CVSS5.5AI score0.00253EPSS
Exploits1References3
Rows per page
Query Builder