Lucene search
+L

83 matches found

OSV
OSV
added 2025/05/01 5:20 p.m.8 views

CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

8.7CVSS6.4AI score0.00417EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.13 views

PT-2025-18685

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 0.45.0 Description Stirling-PDF is a locally hosted web application that allows users to perform various operations on PDF files. The application is vulnerable to SSRF-induced arbitrary file read due to WeasyPrin...

8.7CVSS5.6AI score0.00417EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.45.0, which stems from a flaw in WeasyPrint's handling of HTML tags that could lead to server-side request...

8.7CVSS6.5AI score0.00417EPSS
Exploits1References1
NVD
NVD
added 2024/12/19 4:15 p.m.16 views

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...

7.5CVSS0.0047EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.5 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF version 0.35.1, which stems from vulnerability to a server-side request forgery attack that allows an attacker to access...

7.5CVSS6.2AI score0.0047EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/19 12:0 a.m.11 views

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...

6.6AI score0.0047EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.5 views

PT-2024-36472 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF version 0.35.1 Description: A Server-Side Request Forgery SSRF issue in the endpoint "http://your-server/url-to-pdf" of Stirling-PDF allows attackers to access sensitive information via a crafted request. This enables attackers t...

7.5CVSS6.7AI score0.0047EPSS
Exploits0References6
CVE
CVE
added 2024/12/19 12:0 a.m.57 views

CVE-2024-55082

CVE-2024-55082 describes a Server-Side Request Forgery (SSRF) in Stirling-PDF 0.35.1. The vulnerable component is the endpoint http://{your-server}/url-to-pdf, where crafted requests can trigger unauthorized access to sensitive data. Across connected sources, the affected product/stage is consist...

7.5CVSS6.5AI score0.0047EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/19 12:0 a.m.23 views

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...

0.0047EPSS
Exploits0References2
NVD
NVD
added 2024/11/11 8:15 p.m.19 views

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

2CVSS0.00517EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/11 7:14 p.m.17 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

2CVSS6.7AI score0.00517EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/11 7:14 p.m.24 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

2CVSS0.00517EPSS
Exploits0References2
CVE
CVE
added 2024/11/11 7:14 p.m.62 views

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

2CVSS6.8AI score0.00517EPSS
Exploits0References3
OSV
OSV
added 2024/11/11 7:14 p.m.17 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

2CVSS7AI score0.00517EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.5 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.32.0 that stems from a merge function that accepts untrusted user input and uses it directly to create HTML...

2CVSS6.8AI score0.00517EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.9 views

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

2CVSS7AI score0.00517EPSS
Exploits0References7
NVD
NVD
added 2024/09/21 11:15 p.m.14 views

CVE-2024-9075

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

5.4CVSS0.00409EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/21 11:0 p.m.46 views

CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

2.6CVSS0.00409EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/09/21 11:0 p.m.14 views

CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

2.6CVSS6.3AI score0.00409EPSS
Exploits1References4
CVE
CVE
added 2024/09/21 11:0 p.m.67 views

CVE-2024-9075

The CVE-2024-9075 entry concerns Stirling-Tools Stirling-PDF (versions up to 0.28.3) with a cross-site scripting flaw in the Markdown-to-PDF component. The issue enables remote exploitation and is described as having rather high attack complexity and requiring user interaction. Remediation provid...

5.4CVSS3.9AI score0.00409EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder