253 matches found
EUVD-2021-30210
Malicious code in bioql PyPI...
EUVD-2022-47486
Malicious code in bioql PyPI...
Improper Input Validation
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Improper Input Validation via the HTML entity decoding logic in the client-side PDF export pipeline. An attacker can explo...
Cross-site Scripting (XSS)
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete HTML sanitization in the client-side PDF export pipeline. An attacker can exploit...
CVE-2025-58049
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049
CVE-2025-58049 affects XWiki Platform components where PDF export jobs serialize request context, including cookies, into job status files. The root cause is unencrypted storage of user cookies (potentially exposing credentials) in the permanent data directory after a PDF export completes. Affect...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
GHSA-9M7C-M33F-3429 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Impact The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...
PT-2025-35113
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.4.2 through 16.4.7 XWiki Platform versions 16.5.0-rc-1 through 16.10.6 XWiki Platform versions 17.0.0-rc-1 through 17.4.0-rc-1 Description: The PDF export jobs store sensitive cookies unencrypted in job statuses. Th...
CVE-2024-31981
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...
CVE-2024-23193
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
CVE-2023-22127
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2023-42361
Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...
CVE-2022-44544
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...
CVE-2021-29475
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...
CVE-2021-43266
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution...
CVE-2020-19924
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks...
The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform relates to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...