Lucene search
+L

88 matches found

osv
osv
added 6 days ago5 views

OPENSUSE-SU-2026:11249-1 python313-weasyprint-69.0-1.1 on GA media

These are all security issues fixed in the python313-weasyprint-69.0-1.1 package on the GA media of openSUSE Tumbleweed...

6.1AI score
Exploits0References1
circl
circl
added 2026/07/06 6:35 p.m.7 views

CVE-2026-49452

creationtimestamp| type| source ---|---|--- 2026-07-06 18:35:11+00:00| published-proof-of-concept| https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-jhhc-3hcp-qhm5...

5.9AI score
Exploits0References1
osv
osv
added 2026/07/06 5:29 p.m.7 views

GHSA-JHHC-3HCP-QHM5 WeasyPrint has CSS Injection via Presentational Hints

Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...

6.5CVSS6AI score
Exploits0References2
circl
circl
added 2026/06/27 12:35 a.m.11 views

CVE-2026-49358

creationtimestamp| type| source ---|---|--- 2026-06-27 00:35:52+00:00| published-proof-of-concept| https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g...

3CVSS5.8AI score0.00112EPSS
Exploits0References1
circl
circl
added 2026/06/26 10:28 p.m.8 views

CVE-2026-49359

creationtimestamp| type| source ---|---|--- 2026-06-26 22:28:37+00:00| seen| https://bsky.app/profile/suriq.io/post/3mp7ykmyves2b 2026-06-27 00:35:49+00:00| published-proof-of-concept| https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-x8g9-h984-pc36...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References2
osv
osv
added 2026/06/26 10:10 p.m.3 views

GHSA-5G9F-CWWG-4P8G PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles

Summary AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generato...

3CVSS6AI score0.00112EPSS
Exploits0References6
euvd
euvd
added 2026/06/26 9:46 p.m.10 views

EUVD-2026-38048

php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted isexecutable guard mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References5
osv
osv
added 2026/06/26 9:46 p.m.5 views

GHSA-F5GC-QXF8-MH9G php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

Summary pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX escapeshellarg'/usr/local/bin/weasyprint' returns '/usr/local/bin/weasyprint' with the single-quote...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References6
snyk
snyk
added 2026/06/19 7:8 p.m.5 views

Deserialization of Untrusted Data

Overview pontedilana/php-weasyprint is a PHP library allowing PDF generation from an url or a html page. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the prepareOutput method of src/AbstractGenerator.php, whose strpos$filename, 'phar://' guard is case...

9.2CVSS6.6AI score0.00555EPSS
Exploits0References2
nvd
nvd
added 2026/06/19 6:16 p.m.15 views

CVE-2026-49359

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
snyk
snyk
added 2026/06/19 6:9 p.m.3 views

Command Injection

Overview pontedilana/php-weasyprint is a PHP library allowing PDF generation from an url or a html page. Affected versions of this package are vulnerable to Command Injection in the binary-path validation in src/AbstractGenerator.php, where isexecutable is tested against the escapeshellarg-quoted...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References2
cve
cve
added 2026/06/19 5:6 p.m.19 views

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/19 4:59 p.m.34 views

CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS0.00154EPSS
Exploits0References4
cve
cve
added 2026/06/19 4:59 p.m.18 views

CVE-2026-49260

CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/19 4:59 p.m.13 views

CVE-2026-49260

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/19 4:59 p.m.4 views

CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50965

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References13
nessus
nessus
added 2026/06/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - weasyprint - None Ubuntu Linux - Unknown description CVE-2026-49452 Note that Nessus relies on the presence of the package as reported by the...

5.9AI score
Exploits0References3
fedora
fedora
added 2026/06/14 5:4 a.m.14 views

[SECURITY] Fedora 43 Update: weasyprint-69.0-1.fc43

WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...

5.3AI score
Exploits0
Rows per page
Query Builder