492 matches found
UBUNTU-CVE-2026-33699
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...
CVE-2026-2343
The CVE-2026-2343 entry concerns the PeproDev Ultimate Invoice WordPress plugin (versions up to 2.2.5). A bulk download invoices action creates ZIP archives of exported invoice PDFs with predictably named files, enabling an attacker to brute force and retrieve PII. The flaw is exploitable without...
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
pypdf 安全漏洞
pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.9.1 contained security vulnerabilities, which stemmed from defects in processing malicious PDFs. These vulnerabiliti...
OPENSUSE-SU-2026:20375-1 Security update for python-PyPDF2
This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2025-31826: Fixed denial of service due to excessive memory consumption via crafted PDF bsc1259508...
CVE-2026-3939
Google Chrome/Chromium is affected by CVE-2026-3939 due to insufficient policy enforcement in PDF handling, allowing a crafted PDF to bypass navigation restrictions. Affected component: PDF policy enforcement in Chrome/Chromium prior to version 146.0.7680.71 (specific fixed versions cited by Debi...
OPENSUSE-SU-2026:20348-1 Security update for python-PyPDF2
This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter bsc1259404 - Update sources with osc run downloadfiles...
Linux Distros Unpatched Vulnerability : CVE-2026-27888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being...
GHSA-F2V5-7JQ9-H8CG pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...
EUVD-2025-208142
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
CVE-2025-69437
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
CVE-2025-69437
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
DEBIAN-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
SUSE CVE-2026-2648
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Chromium security severity: High...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which i...
PT-2026-20909
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.1 Description pypdf is a free and open-source pure-python PDF library. A crafted PDF file can cause excessive processing time due to a malformed /FlateDecode stream and byte-by-byte decompression. Recommendations...
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
Introduction Stan Ghouls also known as Bloody Wolf is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT...
Firefox is giving users the AI off switch
Some software providers have decided to lead by example and offer users a choice about the Artificial Intelligence AI features built into their products. The latest example is Mozilla, which now offers users a one-click option to disable generative AI features in the Firefox browser. Audiences ar...
CVE-2026-24043
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...
CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...