Lucene search
K

15 matches found

OSV
OSV
added 2025/12/11 4:16 p.m.2 views

CVE-2025-59802

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups OCG are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.7 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are both products of Foxit Corporation of China.Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor versions prior to 2025.2.1, which stems from an OCG state attribute not...

7.5CVSS6.3AI score0.00276EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/23 12:31 a.m.15 views

camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field...

4.8CVSS7.3AI score0.00973EPSS
Exploits1References4Affected Software1
RubySec
RubySec
added 2024/10/23 12:0 a.m.18 views

camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field...

4.8CVSS7.1AI score0.00973EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.3 views

CamaleonCMS 跨站脚本漏洞

CamaleonCMS is an advanced RubyonRails-based dynamic content management system CMS from the CamaleonCMS team. A security vulnerability exists in CamaleonCMS version v2.7.5, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code...

4.8CVSS7AI score0.00973EPSS
Exploits1References2
OSV
OSV
added 2024/10/22 12:0 a.m.15 views

CVE-2024-48652

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field...

4.8CVSS7.5AI score0.00973EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/19 12:0 a.m.5 views

PT-2024-33173 · Unknown · Camaleon Cms

Name of the Vulnerable Software and Affected Versions: camaleon-cms version 2.7.5 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the content group name field. Recommendations: For camaleon-cms version 2.7.5, update to a version that fixes this iss...

4.8CVSS7.6AI score0.00973EPSS
Exploits1References9
OSV
OSV
added 2022/11/21 4:15 p.m.4 views

CVE-2022-40129

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...

7.8CVSS5.8AI score0.0098EPSS
Exploits1References1
NVD
NVD
added 2022/11/21 4:15 p.m.18 views

CVE-2022-40129

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...

8.8CVSS0.0098EPSS
Exploits1References1
Prion
Prion
added 2022/11/21 4:15 p.m.21 views

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...

4.4CVSS7.8AI score0.0098EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/21 4:5 p.m.96 views

CVE-2022-40129

Affected product: Foxit PDF Reader (v12.0.1.12430). Vulnerability: Use-after-free in the JavaScript engine triggered by crafted PDFs, specifically via Optional Content Group API, leading to arbitrary code execution. Exploitation may require user action or could occur if a malicious site is visite...

8.8CVSS7.6AI score0.0098EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/11/21 4:5 p.m.33 views

CVE-2022-40129

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...

8.8CVSS7.9AI score0.0098EPSS
Exploits1References1
OSV
OSV
added 2018/02/27 5:29 a.m.4 views

CVE-2018-4910

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

8.8CVSS5.8AI score0.24954EPSS
Exploits0References3
Prion
Prion
added 2018/02/27 5:29 a.m.19 views

Heap overflow

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

6.8CVSS8.5AI score0.24954EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2015/10/29 12:0 a.m.8 views

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to execute arbitrary code.

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a malicious actor to...

9.3CVSS6.1AI score0.05995EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder