Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-57204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can...

6.9CVSS5.9AI score0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 9:16 p.m.11 views

CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:28 p.m.3 views

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:26 p.m.6 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:26 p.m.26 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 8:26 p.m.4 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:28 p.m.12 views

GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches This has been fixed in pypdf==6.13.3. Workarounds If you cannot upgrade yet,...

6.9CVSS5.3AI score0.00206EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/05 3:34 p.m.9 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...

6.5CVSS5.9AI score0.00228EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 12:20 p.m.27 views

CVE-2026-27694

Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/05 12:20 p.m.16 views

EUVD-2026-27309

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37033

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.13 views

CVE-2025-65235

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

9.8CVSS8.4AI score0.00392EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...

9.8CVSS7.9AI score0.00392EPSS
Exploits1References4
CVE
CVE
added 2025/11/20 12:47 p.m.29 views

CVE-2025-41074

LimeSurvey 6.13.0 has a vulnerability in the /optout endpoint causing infinite HTTP redirects, which can exhaust server/client resources and lead to DoS or degraded service. Affected product: LimeSurvey (LimeSurvey/limesurvey). Root cause: infinite redirect loop when accessing /optout. Impact: po...

7.5CVSS6.4AI score0.00279EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.4 views

PT-2025-47569

Name of the Vulnerable Software and Affected Versions LimeSurvey version 6.13.0 Description A flaw exists in LimeSurvey version 6.13.0 within the /optout endpoint that results in infinite HTTP redirects when directly accessed. This can be leveraged to create a Denial of Service DoS attack by...

7.5CVSS6.5AI score0.00279EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.11 views

Incus 安全漏洞

Incus is an LXC open source system container and virtual machine manager. A security vulnerability exists in Incus versions 6.12 and 6.13, which stems from a partial bypass of security options in the nftables rule, and could lead to DHCP pool exhaustion...

3.4CVSS6AI score0.00202EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/07/14 6:15 p.m.5 views

CVE-2023-32761

Cross Site Request Forgery CSRF vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request...

8.1CVSS7.6AI score0.00356EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.4 views

Orckestra C1 CMS 代码问题漏洞

C1 CMS is an open source web content management system CMS based on .NET. A deserialization vulnerability exists in versions of Orckestra C1 CMS prior to 6.13. An authenticated attacker can exploit this vulnerability to execute arbitrary code...

9CVSS7.3AI score0.01233EPSS
Exploits0References4
Rows per page
Query Builder