Lucene search
K

253 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2021-30210

Malicious code in bioql PyPI...

7.3CVSS7.5AI score0.01284EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47486

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00762EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 6:36 a.m.3 views

Improper Input Validation

Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Improper Input Validation via the HTML entity decoding logic in the client-side PDF export pipeline. An attacker can explo...

6.9CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/10/02 6:36 a.m.1 views

Cross-site Scripting (XSS)

Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete HTML sanitization in the client-side PDF export pipeline. An attacker can exploit...

6.1CVSS5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.4 views

CVE-2025-58049

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

7.5CVSS6.8AI score0.00341EPSS
Exploits1References1
CVE
CVE
added 2025/08/28 5:43 p.m.24 views

CVE-2025-58049

CVE-2025-58049 affects XWiki Platform components where PDF export jobs serialize request context, including cookies, into job status files. The root cause is unencrypted storage of user cookies (potentially exposing credentials) in the permanent data directory after a PDF export completes. Affect...

7.5CVSS6.4AI score0.00341EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/08/28 5:43 p.m.11 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8CVSS0.00341EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/28 5:43 p.m.2 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8CVSS6.4AI score0.00341EPSS
Exploits1References3
OSV
OSV
added 2025/08/28 5:43 p.m.4 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8CVSS6.7AI score0.00341EPSS
Exploits1References5
OSV
OSV
added 2025/08/28 3:10 p.m.2 views

GHSA-9M7C-M33F-3429 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Impact The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...

5.8CVSS6.8AI score0.00341EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.4 views

PT-2025-35113

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.4.2 through 16.4.7 XWiki Platform versions 16.5.0-rc-1 through 16.10.6 XWiki Platform versions 17.0.0-rc-1 through 17.4.0-rc-1 Description: The PDF export jobs store sensitive cookies unencrypted in job statuses. Th...

7.5CVSS6.4AI score0.00341EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/23 10:12 a.m.15 views

CVE-2024-31981

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...

9.9CVSS7.6AI score0.01447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.7 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

5.3CVSS6.5AI score0.00545EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.5 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3CVSS5.6AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:1 a.m.9 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7.8CVSS7AI score0.00928EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:28 p.m.8 views

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

9.8CVSS6.9AI score0.00762EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.16 views

CVE-2021-29475

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...

10CVSS7.2AI score0.01158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.10 views

CVE-2021-43266

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution...

7.3CVSS7.4AI score0.01284EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.4 views

CVE-2020-19924

In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks...

5.4CVSS6.1AI score0.00531EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.8 views

The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform relates to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...

4.3CVSS5.5AI score0.00349EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder