Lucene search
+L

83 matches found

Cvelist
Cvelist
added 2026/03/26 4:58 p.m.24 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...

6.5CVSS0.00398EPSS
Exploits1References1
CVE
CVE
added 2026/03/26 4:58 p.m.23 views

CVE-2026-33438

Stirling-PDF is affected by a Denial of Service (DoS) vulnerability in the watermark endpoint. Affected versions are 2.1.5 through 2.5.1 (prior to 2.5.2). An authenticated user can trigger resource exhaustion and server crashes by sending extreme values for fontSize and widthSpacer to /api/v1/sec...

6.5CVSS5.8AI score0.00398EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 4:58 p.m.2 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...

6.5CVSS5.8AI score0.00398EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 4:58 p.m.10 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...

6.5CVSS5.9AI score0.00398EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.18 views

PT-2026-28483

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions 2.1.5 through 2.5.1 Description Stirling-PDF is a locally hosted web application for PDF file operations. An authenticated user can trigger a Denial of Service DoS condition by submitting extreme values for the fontSize a...

6.5CVSS5.9AI score0.00398EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability. This vulnerability stemmed from insufficient validation of the fontSize and widthSpacer...

6.5CVSS5.7AI score0.00398EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 2.8.0 Description Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

6.1CVSS6.1AI score0.0026EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:44 a.m.5 views

CVE-2026-27625

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS5.9AI score0.00462EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:44 a.m.32 views

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS0.00462EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 8:44 a.m.13 views

EUVD-2026-13638

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS5.9AI score0.00462EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 8:44 a.m.25 views

CVE-2026-27625

Stirling-PDF (local web app) is affected in all versions prior to 2.5.2. The vulnerability resides in the /api/v1/convert/markdown/pdf endpoint, where user-supplied ZIP entries are extracted without path checks, enabling path traversal and arbitrary file write by any authenticated user (stirlingp...

8.1CVSS5.9AI score0.00462EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 8:44 a.m.15 views

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS6AI score0.00462EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.13 views

PT-2026-26592

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS5.9AI score0.00462EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.15 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

8.1CVSS5.8AI score0.00462EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/10/07 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-55161

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS5.7AI score0.01999EPSS
In wildExploits1References40
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-49710

Malicious code in bioql PyPI...

5.4CVSS3.9AI score0.00409EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2025-24184

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.01999EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13302

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00417EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-24186

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.01701EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52737

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0047EPSS
Exploits0References2
Rows per page
Query Builder