Lucene search
K

18 matches found

NVD
NVD
added 2026/05/14 4:16 p.m.12 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS0.00348EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:36 p.m.63 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS0.0029EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:33 p.m.43 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS0.00313EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:32 p.m.7 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS5.8AI score0.00348EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:31 p.m.9 views

CVE-2026-42593

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS5.8AI score0.00311EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:20 p.m.63 views

CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS0.00245EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:56 p.m.3 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 7:33 p.m.1 views

CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:33 p.m.9 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/06 7:30 p.m.13 views

CVE-2026-30843

Wekan versions 8.32 and 8.33 contain a critical Insecure Direct Object Reference (IDOR) in custom fields update endpoints, allowing cross-board modification of custom fields. The PUT /api/boards/:boardId/custom-fields/:customFieldId endpoint validates board access but uses the field’s _id as a fi...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/03 12:0 a.m.1 views

Fedora 43 : gitleaks (2025-55bf0b6949)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-55bf0b6949 advisory. Update to 8.30.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/30 1:2 a.m.12 views

CVE-2025-57462

Stored cross-site scripting xss in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...

6.1CVSS6AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.6 views

KioWare 安全漏洞

KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to certain interfaces. A security vulnerability exists in KioWare 8.33 and earlier versions, which stems from the presence of an incomplete blacklist filter, and can be exploited...

7.8CVSS7.3AI score0.00233EPSS
Exploits0References4
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

CVE-2021-23182

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; All versions of 8.30...

4.4CVSS5.8AI score0.00167EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.9 views

Gallagher Group Command Centre SQL Injection Vulnerability

Gallagher Group Command Centre is a centralized control tool for Gallagher access control systems from Gallagher Group New Zealand. A SQL injection vulnerability exists in Gallagher Group Command Centre, which can be exploited by a remote attacker to execute arbitrary SQL against a third-party...

8.2CVSS7.4AI score0.009EPSS
Exploits0References2
CNVD
CNVD
added 2015/03/31 12:0 a.m.4 views

PCRE Denial of Service Vulnerability (CNVD-2015-02118)

PCRE Perl Compatible Regular Expressions is a Perl library that includes a library of perl-compatible regular expressions. A denial of service vulnerability exists in PCRE 8.36 and earlier versions, which can be exploited by a remote attacker to cause stack exhaustion leading to a denial of servi...

7.5CVSS6.8AI score0.04049EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2014/12/16 12:0 a.m.10 views

PT-2014-8764 · Philip Hazel +6 · Pcre +6

Name of the Vulnerable Software and Affected Versions: PCRE versions 8.36 and earlier Description: A heap-based buffer overflow issue allows remote attackers to cause a denial of service crash or have other unspecified impact via a crafted regular expression, related to an assertion that allows...

9.8CVSS7.7AI score0.9986EPSS
Exploits14References209
Rows per page
Query Builder