
30 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 6 views

PT-2026-35943

A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1 | AI score 5.2 | EPSS 0.00185
Exploits: 3 | References: 3

Vulnrichment
added 2026/04/29 12:0 a.m. | 2 views

CVE-2025-56534

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.2 | EPSS 0.00185
Exploits: 2 | References: 2

AlpineLinux
added 2026/04/29 12:0 a.m. | 6 views

CVE-2025-56537

A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1, fixed in v7.0, allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter...

CVSS 6.1 | AI score 5.4 | EPSS 0.00185
Exploits: 3 | References: 2

Fedora
added 2026/04/25 1:55 a.m. | 7 views

[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

AI score 5.3
Exploits: 0

SUSE CVE
added 2026/04/24 1:28 a.m. | 6 views

SUSE CVE-2026-41314

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

CVSS 4.8 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/23 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to...

CVSS 6.9 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3

NVD
added 2026/04/22 10:16 p.m. | 34 views

CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

CVSS 6.5 | EPSS 0.00226
Exploits: 0 | References: 4

OSV
added 2026/04/22 10:16 p.m. | 6 views

DEBIAN-CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

CVSS 6.5 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 1

Debian CVE
added 2026/04/22 9:4 p.m. | 3 views

CVE-2026-41313

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

CVSS 6.5 | AI score 5.3 | EPSS 0.00214
Exploits: 0

Cvelist
added 2026/04/22 9:4 p.m. | 27 views

CVE-2026-41313 pypdf: Possible long runtimes for wrong size values in incremental mode

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

CVSS 4.8 | EPSS 0.00214
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/22 9:2 p.m. | 6 views

CVE-2026-41312 pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

CVSS 4.8 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/22 8:49 p.m. | 4 views

CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 4

Github Security Blog
added 2026/04/15 7:43 p.m. | 6 views

pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches This has been fixed in pypdf==6.10.1. Workarounds If you cannot upgrade yet,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00297
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2026/04/11 5:26 a.m. | 12 views

Pypdf: Manipulated XMP Metadata Entity Declarations Can Exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in "pypdf==6.10.0" https://github.com/py-pdf/pypdf/releases/tag/6.10.0. Workarounds If you cannot upgrade yet, consider applying th...

CVSS 6.9 | AI score 5.7 | EPSS 0.00423
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2026/04/01 10:0 a.m. | 2 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00257
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/13 8:41 p.m. | 8 views

CVE-2025-67750

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4 | AI score 7.1 | EPSS 0.00166
Exploits: 0 | References: 1

GithubExploit
added 2025/10/31 6:30 a.m. | 240 views

Exploit for Server-Side Request Forgery in Rocket.Chat

CVE-2024-39713: Rocket.Chat SSRF PoC Description A Server...

CVSS 8.6 | AI score 8.7 | EPSS 0.03201
Exploits: 2

Patchstack
added 2025/02/28 10:35 p.m. | 8 views

WordPress Simple:Press plugin <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing vulnerability

Cross-Site Request Forgery to Unauthorized Post Editing vulnerability discovered by 20kilograma in WordPress Plugin Simple:Press versions = 6.10.12...

CVSS 4.3 | AI score 7 | EPSS 0.00188
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/10/28 3:15 p.m. | 4 views

AZL-51819 CVE-2024-45802 affecting package squid 5.7-5

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted...

CVSS 7.5 | AI score 5.7 | EPSS 0.45289
Exploits: 0 | References: 1

OSV
added 2024/10/28 3:15 p.m. | 2 views

DEBIAN-CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted...

CVSS 7.5 | AI score 7.3 | EPSS 0.45289
Exploits: 0 | References: 1