Lucene search
K

1626 matches found

Malwarebytes
Malwarebytes
added 2026/04/13 11:38 a.m.11 views

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

8.6CVSS7.9AI score0.07086EPSS
Exploits4
Fedora
Fedora
added 2026/04/12 3:38 p.m.7 views

[SECURITY] Fedora 43 Update: mupdf-1.27.1-10.fc43

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

7.8CVSS5.9AI score0.00213EPSS
Exploits0
OSV
OSV
added 2026/04/10 8:59 p.m.1 views

GHSA-3CRG-W4F6-42MX pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in pypdf==6.10.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3724...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-32055

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.0 Description Manipulated XMP metadata entity declarations can exhaust RAM. An attacker can craft a PDF that leads to large memory usage when the XMP metadata is parsed. Recommendations Update to version 6.10.0. As...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References20
NVD
NVD
added 2026/04/08 10:16 p.m.6 views

CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31507

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A cryptographic flaw exists in PDFium, a component of Google Chrome. This flaw could allow an attacker to read sensitive information from encrypted PDFs by conducting a brute-force...

9.6CVSS5.8AI score0.00608EPSS
Exploits0References65
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.5 views

CVE-2026-3778

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 6:31 a.m.3 views

EUVD-2026-17804

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.2AI score0.00417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 6:21 a.m.5 views

CVE-2026-5287

An use after free flaw was found in the PDF component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=494644471...

9.6CVSS5.8AI score0.00417EPSS
Exploits0References5
NVD
NVD
added 2026/04/01 5:16 a.m.12 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS0.00417EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 4:41 a.m.31 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

0.00417EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:41 a.m.2 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.3CVSS6.2AI score0.00417EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/04/01 3:55 a.m.6 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in PDF files in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions through a crafted PDF file. Chromium security severity: Low...

6.5CVSS5.5AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 2:16 a.m.4 views

CVE-2026-3778

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.2 views

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3776

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/04/01 1:40 a.m.19 views

CVE-2026-3778

CVE-2026-3778 affects Foxit PDF Editor/Reader (Foxit Reader) across platforms as described in connected records. The root cause is cyclic PDF object references created by pages and annotations referencing each other in a loop, which, when the document is processed by APIs that perform deep traver...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.2 views

CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29519

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

6.4AI score0.00178EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29434

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References2
Rows per page
Query Builder