Lucene search
K

693 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-57245

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42187

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-57245

Foxit PDF Editor/Reader contains a use-after-free vulnerability in the handling of hyperlink annotations when opening and traversing annotation elements. The issue can lead to an invalid state and an invalid pointer write during destruction, causing a crash. CVSSv3.1 base score 7.8 ( HIGH ) with ...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42207

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57245

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57248

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57252

When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56351

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description A use-after-free issue occurs when the application opens a PDF file. During the process where JavaScript deletes pages and removes attachment annotations, the attachment panel...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-56347

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/02 3:37 p.m.11 views

CVE-2026-53492

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...

9.6CVSS5.9AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 9:2 a.m.2 views

OPENSUSE-SU-2026:21201-1 Security update for jackson-annotations, jackson-core, jackson-databind

This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...

8.1CVSS6.1AI score0.00695EPSS
Exploits1References9
OSV
OSV
added 2026/07/01 8:56 a.m.2 views

SUSE-SU-2026:22504-1 Security update for jackson-annotations, jackson-core, jackson-databind

This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...

8.1CVSS6.1AI score0.00695EPSS
Exploits1References10
Amazon
Amazon
added 2026/06/29 12:0 a.m.5 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

9.9CVSS6AI score0.00412EPSS
Exploits0
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-13434

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5638 Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers

Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers...

5.9AI score0.00057EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/25 1:18 p.m.9 views

USN-8472-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...

9.9CVSS6.4AI score0.00781EPSS
Exploits0
OSV
OSV
added 2026/06/25 1:18 p.m.6 views

USN-8472-1 containerd-app vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...

9.9CVSS6.4AI score0.00781EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2026/06/25 1:14 p.m.10 views

USN-8473-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...

9.9CVSS6.4AI score0.00781EPSS
Exploits0
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Unsafe Dependency Resolution

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 2:10 a.m.13 views

CVE-2026-57281

A flaw was found in the Jenkins Script Security Plugin. Attackers with the ability to run sandboxed Groovy scripts can exploit this vulnerability to execute arbitrary code outside the sandbox environment. This is due to the plugin's failure to reject Groovy Abstract Syntax Tree AST transformation...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References4
Rows per page
Query Builder