95 matches found
CVE-2026-57252
When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...
CVE-2026-57247
The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing...
CVE-2026-13126
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...
CVE-2026-13126
CVE-2026-13126 affects Foxit PDF Editor/Reader due to a use-after-free in the handling of PDF annotations (embedded JavaScript). The issue can lead to a crash when the application attempts to write to an invalid popup annotation object, as described in the CVE description. CVSS 3.1 metrics indica...
EUVD-2026-42185
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...
CVE-2026-13128
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...
CVE-2026-13128
CVE-2026-13128 affects Foxit PDF Editor/Reader with a use-after-free in the Doc Object when embedding JavaScript in a PDF, leading to application crash and potential remote code execution. The vulnerability impacts the document view’s properties after the page is deleted, enabling continued acces...
EUVD-2026-42200
When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...
CVE-2026-57252
When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...
CVE-2026-57252 Foxit PDF Editor/Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...
CVE-2026-57247
The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing...
CVE-2026-57247
Foxit PDF Editor/Reader is affected by CVE-2026-57247 where field processing re-enters the document structure and deletes the current page, then continues using the field objects that were obtained before deletion, causing an illegal read and a crash. The entry lists a CVSSv3.1 base score of 7.8 ...
CVE-2026-57247 Foxit PDF Editor/Reader Field Use-After-Free Vulnerability
The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing...
CVE-2026-44199
Summary (CVE-2026-44199) Wagtail (Django-based CMS) before versions 7.0.7, 7.3.2, and 7.4 contains a permission bug in form submissions. A CMS user with limited access to form pages can delete submissions on pages they should not access by crafting a delete submission request for pages they can a...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin = 4.0.9 - Missing Authorization to Authenticated Subscriber+ Project Page/File Deletion vulnerability discovered by WordFence in WordPress Plugin Atarim versions = 4.0.9...
EUVD-2025-202708
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...
CVE-2025-55314
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...
CVE-2025-55312
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...