Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

EUVD-2025-13302

Malicious code in bioql PyPI...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-9075

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...

CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.45.0, which stems from a flaw in WeasyPrint's handling of HTML tags that could lead to server-side request...

PT-2025-18685

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 0.45.0 Description Stirling-PDF is a locally hosted web application that allows users to perform various operations on PDF files. The application is vulnerable to SSRF-induced arbitrary file read due to WeasyPrin...

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...