Lucene search
K

8 matches found

NVD
NVD
added 2026/05/14 4:16 p.m.12 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS0.00348EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:33 p.m.43 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS0.00313EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:32 p.m.7 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS5.8AI score0.00348EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:31 p.m.9 views

CVE-2026-42593

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS5.8AI score0.00311EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:20 p.m.62 views

CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS0.00245EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:33 p.m.8 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/30 1:2 a.m.12 views

CVE-2025-57462

Stored cross-site scripting xss in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...

6.1CVSS6AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder