Lucene search
K

1426 matches found

Nuclei
Nuclei
added 11 hours ago23 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
CVE
CVE
added 3 days ago8 views

CVE-2026-41482

Technical details of CVE-2026-41482 are not publicly available in the provided connected documents. Monitor for updates and refer to the initial description for basic vulnerability context (Frappe Chrome PDF Generator path traversal/LFI fixed in 16.18.3).

7.1CVSS6.1AI score0.00338EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-59935

A flaw was found in pypdf, a pure-python PDF library. A remote attacker can craft a malicious PDF file containing an unterminated inline image within the page content stream. When this crafted PDF is parsed, it can lead to an infinite loop, resulting in a denial of service DoS due to resource...

8.7CVSS6.1AI score0.00352EPSS
Exploits0References7
NVD
NVD
added 5 days ago11 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-57251

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-57240

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-13128

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42187

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-13127

The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 5 days ago11 views

EUVD-2026-42185

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42183

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS6AI score0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-57238

After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42181

After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42179

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42205

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57251

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42198

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder