Lucene search
K

1084 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
CVE
CVE
added 5 days ago86 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 6 days ago7 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 9:17 p.m.3 views

UBUNTU-CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 7:47 p.m.15 views

CVE-2026-58471

GNU Wget up to 1.25.0 contains a heap buffer overflow in convert_fname() (src/url.c) that can be triggered by a server-supplied filename requiring character set conversion. When the output buffer is too small and iconv E2BIG reallocates, the remaining space is miscalculated, allowing memory corru...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 7:47 p.m.6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56240

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit c2640fe Description A heap buffer overflow occurs in the convert fname function within src/url.c. This issue is triggered when a server-supplied filename requires character set conversion and the output...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References13
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 6:32 p.m.8 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 12:17 a.m.33 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS0.00132EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 12:17 a.m.16 views

CVE-2026-54639

CVE-2026-54639 affects Style Dictionary prior to 5.4.4, with a prototype pollution vulnerability in the convertTokenData utility (versions 4.3.0–4.x before 5.4.4). The impact is high when Style Dictionary is used as a Node.js server integration, moderate for web app integrations, and low for toke...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 12:17 a.m.3 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS6AI score0.00132EPSS
Exploits0References6
Amazon
Amazon
added 2026/06/22 12:0 a.m.5 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails CVE-2026-45899 In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown CVE-2026-45920 In the...

7.8CVSS5.8AI score0.00172EPSS
Exploits0
OSV
OSV
added 2026/06/19 8:47 p.m.23 views

GHSA-HP36-V28F-W3R4 flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key

Summary convert builds the nested tree by using each flat record's id and parent field values directly as object keys, with no guard against proto / constructor / prototype. A record whose parent is the string "proto" makes tempparent resolve to Object.prototype, and the following initPush...

7.5CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/06/18 1:4 p.m.5 views

GHSA-2MRG-35HW-X3X9 Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 1:4 p.m.8 views

Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.26 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 11:17 p.m.14 views

CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 10:8 p.m.8 views

CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1
Rows per page
Query Builder