Lucene search
K

21 matches found

OSV
OSV
added 2026/06/22 9:16 p.m.4 views

DEBIAN-CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:27 p.m.10 views

CVE-2026-49461

CVE-2026-49461 affects the Python PDF library pypdf . The vulnerability occurs before version 6.12.2 and lets an attacker craft a PDF whose page contains a form XObject with self-references, causing large memory usage during text extraction. Impact is memory-related and can affect systems process...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:27 p.m.24 views

CVE-2026-49461 pypdf: Possible large memory usage for form XObjects during text extraction

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS0.00123EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 1:45 p.m.12 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

6.9CVSS5.1AI score0.0013EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.15 views

SUSE CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 4:16 p.m.11 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS0.0013EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 4:16 p.m.27 views

CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 2:51 p.m.12 views

CVE-2026-48155 pypdf: Possible large memory usage for large offsets for layout mode text

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

4.8CVSS5.8AI score0.00127EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:50 p.m.10 views

CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 11:22 a.m.9 views

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS5.7AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2026/01/14 7:16 p.m.8 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS0.00306EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Handle the return value of hdrfirstde The hdrfirstde function returns a pointer to a struct NTFSDE. This pointer may be NULL. To effectively handle the NULL error, it is important to implement an error handler. This wil...

5.5CVSS6.1AI score0.00138EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.10 views

Incus 安全漏洞

Incus is an LXC open source system container and virtual machine manager. A security vulnerability exists in Incus versions 6.12 and 6.13, which stems from a partial bypass of security options in the nftables rule, and could lead to DHCP pool exhaustion...

3.4CVSS6AI score0.00202EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Handling of NULL sock pointer in l2capsockalloc A NULL sock pointer is passed into l2capsockalloc when it is called from l2capsocknewconnectioncb. Error handling mechanisms should also take this into account. A...

5.5CVSS6.3AI score0.00189EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: A memory leak has been fixed in the error-handling path of idxdalloc. The memory allocated for idxd is not freed if an error occurs during idxdalloc. To fix this issue, free the allocated memory in the reverse...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.6 views

PT-2025-9012

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.7-770 2 Description A vulnerability in the Linux kernel has been identified, which can cause the system to crash when using touchscreen and framebuffer on certain devices, such as the Nokia 770. The issue is...

5.5CVSS7AI score0.00176EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.6 views

tgstation-server 授权问题漏洞

tgstation-server is a tgstation open source toolset for managing production BYOND servers. An authorization issue vulnerability exists in tgstation-server versions prior to 6.12.3, which arises from incorrectly performing an "or" operation instead of an "and"...

8.8CVSS6.5AI score0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.4 views

PT-2025-4299 · Unknown · Tgstation-Server

Name of the Vulnerable Software and Affected Versions: tgstation-server versions prior to 6.12.3 Description: The issue concerns improper role authorization in tgstation-server, a production-scale tool for BYOND server management. Prior to version 6.12.3, roles used to authorize API methods were...

8.8CVSS7.1AI score0.00454EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.8 views

PT-2024-36983

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0 Description A vulnerability in the Linux kernel has been resolved, related to the virtio net module. When virtnet close is followed by virtnet open, some TX completions can remain unconsumed, leading to a...

5.6CVSS5.4AI score0.00196EPSS
Exploits0
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

WordPress plugin Ecwid Ecommerce Shopping Cart security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

4.3CVSS6.6AI score0.00217EPSS
Exploits2References2
Rows per page
Query Builder