PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

chrome-exploit-simulator

Ethical Hacking — Simulateur Exploit Web Présentation Ce...

PT-2026-37107

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions prior to 2.1.16 PhpSpreadsheet versions prior to 2.4.5 PhpSpreadsheet versions prior to 3.10.5 PhpSpreadsheet versions prior to 5.7.0 Description The XLSX reader's...

ai.telosforge:kimaira-starter-etl (>=1.2.4 <=1.2.6), cn.echoparrot:echoparrot-application (=25.4.0) +12 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.1.0 <=1.1.2)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.1.0, =1.2.4, =25.4.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =.30.0.rc5, =3.3.0.rc2, =3.3.0.rc2, =3.30.0.rc12 Source cves: CVE-2026-40980 Source advisory: OSV:GHSA-26GG-9GV2-V27J...

com.alibaba.cloud.ai:spring-ai-alibaba-starter-document-parser-apache-pdfbox (>=1.0.0.1 <=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-document-parser-bibtex (>=1.0.0.1 <=1.0.0.4) +6 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-admin =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-core =1.0.0.4 -...

CVE-2026-5937

CVE-2026-5937 is associated with Foxit PDF Editor/Reader and is caused by insufficient parameter verification that can lead to format errors in files. This triggers an unhandled std::invalid_argument exception, which results in the application terminating (denial of service). The available docume...

CVE-2026-5937 Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

CVE-2026-5937 Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

CVE-2026-5940

Summary of CVE-2026-5940 : Foxit PDF Editor/Reader contains a use-after-free vulnerability in the annotation flow. The issue arises when a function triggers a UI refresh after removing comments via a script, which may access an invalidated object and cause a crash. The CVE record cites a CVSS v3....

CVE-2026-5939

CVE-2026-5939 describes a use-after-free (UAF) vulnerability in Foxit PDF Editor/Reader triggered by a crafted XFA PDF during the calculate event. The issue affects the application when processing XFA calculate logic, potentially crashing the program and enabling arbitrary code execution. The lin...

Foxit PDF Reader和Foxit PDF Editor 资源管理错误漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. There is a resource management vulnerability in Foxit PDF Editor and Foxit PDF Reader. This vulnerability arises from abnormal document...

Foxit PDF Reader和Foxit PDF Editor 资源管理错误漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have a resource management vulnerability. This vulnerability arises from the special XFA PDF...

Foxit PDF Reader和Foxit PDF Editor 资源管理错误漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have a resource management vulnerability. This vulnerability arises from calling a function th...

Foxit PDF Reader < 2026.1.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Reader application previously named Foxit Reader installed on the remote Windows host is prior to 2026.1.1. It is, therefore affected by multiple vulnerabilities: - Document structural anomalies caused inconsistencies between page element relationships and...

ai.telosforge:kimaira-starter-etl (>=1.2.4 <=1.2.6), cn.echoparrot:echoparrot-application (=25.4.0) +12 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.1.0-M3 <=1.1.2)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.1.0-M3, =1.2.4, =25.4.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =.30.0.rc5, =3.3.0.rc2, =3.3.0.rc2, =3.30.0.rc12 Source cves: CVE-2026-40980 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316421...

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Editor and Foxit PDF Reader have security vulnerabilities. These vulnerabilities stem from improper control flow managemen...

Allocation of Resources Without Limits or Throttling

Overview org.springframework.ai:spring-ai-pdf-document-reader is a Spring AI PDF document reader Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via ForkPDFLayoutTextStripper. An attacker can cause denial of service by supplying a crafted P...

Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

com.alibaba.cloud.ai:document-parser-apache-pdfbox (>=1.0.0-M5.1 <=1.0.0-M6.1), com.alibaba.cloud.ai:document-parser-bibtex (>=1.0.0-M5.1 <=1.0.0-M6.1) +19 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.0.0-M5 <=1.0.1)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.0.0-M5, =1.0.0-M5.1, =1.0.0-M5.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.6 - com.chinagoods.framework.thinkc...