14 matches found
CVE-2026-34376
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...
CVE-2026-34376
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...
CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...
CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...
CVE-2026-34376
PdfDing is vulnerable prior to version 1.7.0 due to an access-control flaw that allowed unauthenticated retrieval of password‑protected shared PDFs via the direct file‑serving endpoint without completing the password verification flow. This could expose confidential documents intended to be prote...
PdfDing 安全漏洞
PdfDing is a self-hosted PDF management, viewing, and editing tool developed by mrmn’s developers. Versions of PdfDing prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from access control loopholes, allowing unverified users to bypass password verification processe...
CVE-2026-34586
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2026-34586 PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2026-34586
PdfDing (self-hosted PDF manager/editor) is affected by a vulnerability in which check_shared_access_allowed() only validates session existence and does not enforce SharedPdf.inactive (expiration/max views) or SharedPdf.deleted. The Serve and Download endpoints rely on this function, allowing pre...
CVE-2026-34586
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
EUVD-2026-17636
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2026-34586 PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
PT-2026-29354
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check shared access allowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
PdfDing 安全漏洞
PdfDing is a self-hosted PDF management, viewing, and editing tool developed by mrmn’s individual developer. Versions of PdfDing prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient shared access verification, allowing authorized users to access share...