59 matches found
CVE-2026-45738
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...
CVE-2026-13126
CVE-2026-13126 affects Foxit PDF Editor/Reader due to a use-after-free in the handling of PDF annotations (embedded JavaScript). The issue can lead to a crash when the application attempts to write to an invalid popup annotation object, as described in the CVE description. CVSS 3.1 metrics indica...
CVE-2026-57238 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...
CVE-2026-57248
The CVE-2026-57248 entry concerns Foxit PDF Editor/Reader where opening a PDF and performing JavaScript to write annotation attributes can bypass object type/argument checks, corrupting the internal annotation structure and causing a crash on release. This is described as a local, user-interactio...
CVE-2026-57249 Foxit PDF Editor/Reader Annotation Use-After-Free Vulnerability
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
RHCOS 4 : OpenShift Container Platform 4.13.43 (RHSA-2024:3496)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3496 advisory. - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 Note that Nessus has not tested for this issue but has instead relied...
CVE-2026-5940 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
CVE-2025-66495
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...
Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
EUVD-2021-21595
Malware in sbrugna...
EUVD-2024-50292
Malicious code in bioql PyPI...
EUVD-2024-50295
Malicious code in bioql PyPI...
SQL Injection
Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...
Linux Distros Unpatched Vulnerability : CVE-2020-12052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version 6.7.3 is vulnerable for annotation popup XSS. CVE-2020-12052 Note that Nessus relies on the presence of the package as reported by the vendor...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...