
Snyk
added 2026/02/02 6:29 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState...

CVSS 9.3 | AI score 6 | EPSS 0.00532
Exploits 1 | References 2
CNNVD
added 2026/01/27 12:00 a.m., 9 views

pypdf security vulnerability

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.6.2, pypdf had a security vulnerability due to an infinite loop, which could lead to resource consumption when processing special...

CVSS 5.1 | AI score 5.8 | EPSS 0.00388
Exploits 2 | References 4
OSV
added 2026/01/26 11:37 p.m., 2 views

GHSA-2Q4J-M29V-HQ73 pypdf has possible Infinite Loop when processing outlines/bookmarks

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches: This has been fixed in pypdf 6.6.2. Workarounds: If projects cannot upgrade yet, consider applying the changes from PR 3610...

CVSS 5.1 | AI score 5.8 | EPSS 0.00388
Exploits 2 | References 6
Tenable Nessus
added 2026/01/20 12:00 a.m., 5 views

MiracleLinux 7 : okular-4.10.5-9.el7 (AXSA:2020-696:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-696:02 advisory. - okular: local binary execution via specially crafted PDF files (CVE-2020-9359). Tenable has extracted the preceding description block directly from the...

CVSS 6.8 | AI score 5.7 | EPSS 0.01452
Exploits 0 | References 2
Tenable Nessus
added 2026/01/16 12:00 a.m., 5 views

MiracleLinux 7 : poppler-0.26.5-17.el7 (AXSA:2017-2054:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2054:01 advisory. A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use...

CVSS 7.8 | AI score 7.8 | EPSS 0.04338
Exploits 0 | References 3
Cvelist
added 2026/01/15 12:00 a.m., 28 views

CVE-2025-67079

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...

EPSS 0.00381
Exploits 0 | References 2
Zero Day Initiative
added 2025/12/19 12:00 a.m., 3 views

Foxit PDF Reader PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...

CVSS 7.8 | AI score 7.2 | EPSS 0.00252
Exploits 0 | References 1
Veracode
added 2025/12/13 7:49 a.m., 8 views

Remote Code Execution (RCE)

pdfminer.six is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization in the CMapDB.loaddata function, where pickle.loads processes attacker-controlled pickle.gz files referenced by a malicious PDF, allowing arbitrary code execution when the file is...

CVSS 8.6 | AI score 7.7 | EPSS 0.00281
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/12/12 4:15 p.m., 3 views

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...

CVSS 4.6 | AI score 6.2
Exploits 0 | References 1
CVE
added 2025/12/12 12:00 a.m., 18 views

CVE-2025-67341

CVE-2025-67341 affects jshERP 3.5 and earlier, with a stored XSS in uploaded PDF files that can be accessed via static URLs by any user. The issue’s root cause is a stored XSS vulnerability in PDF upload handling, leading to potential script execution within users’ contexts. Severity is CVSS v3.1...

CVSS 4.6 | AI score 5.9 | EPSS 0.00145
Exploits 1 | References 1 | Affected Software 1
EUVD
added 2025/12/11 6:30 p.m., 10 views

EUVD-2025-202707

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

CVSS 7.8 | AI score 7.8 | EPSS 0.00143
Exploits 0 | References 2
NVD
added 2025/12/11 4:16 p.m., 8 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

CVSS 7.8 | EPSS 0.00143
Exploits 0 | References 1
Vulnrichment
added 2025/12/11 12:00 a.m., 2 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

AI score 7.7 | EPSS 0.00143
Exploits 0 | References 1
Cvelist
added 2025/12/11 12:00 a.m., 30 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

EPSS 0.00143
Exploits 0 | References 1
CVE
added 2025/12/11 12:00 a.m., 22 views

CVE-2025-55309

Summary: CVE-2025-55309 affects Foxit PDF Editor/Reader on Windows and macOS prior to specific updated versions. A crafted PDF can include JavaScript that attaches an OnBlur action to a form field that destroys an annotation. During a user’s right‑click interaction, the application’s focus handli...

CVSS 6.7 | AI score 7.6 | EPSS 0.00115
Exploits 0 | References 1 | Affected Software 2
CVE
added 2025/12/11 12:00 a.m., 50 views

CVE-2025-55313

Summary: CVE-2025-55313 affects Foxit PDF Editor/Reader for Windows and macOS prior to 13.2 and prior to 2025.2. The issue stems from how memory allocation failures are handled after JavaScript assigns an extremely large value to a form field’s charLimit, leading to memory corruption and potentia...

CVSS 7.8 | AI score 7.9 | EPSS 0.00143
Exploits 0 | References 1 | Affected Software 2
Veracode
added 2025/12/08 10:09 a.m., 11 views

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

CVSS 9.8 | AI score 8.4 | EPSS 0.79807
Exploits 6 | References 5 | Affected Software 3
Tenable Nessus
added 2025/12/01 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-66019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory...

CVSS 8.7 | AI score 5.7 | EPSS 0.00313
Exploits 0 | References 2
Tenable Nessus
added 2025/11/11 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-64512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107,...

CVSS 8.6 | AI score 7.5 | EPSS 0.00281
Exploits 1 | References 2
Snyk
added 2025/11/07 8:52 p.m., 6 views

Deserialization of Untrusted Data

Overview: pdfminer.six is a PDF parser and analyzer. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CMapDB.loaddata function. An attacker can execute arbitrary code by crafting a malicious PDF that references a specially crafted pickle file, which is...

CVSS 8.6 | AI score 7.5 | EPSS 0.00281
Exploits 1 | References 4