1058 matches found
MAL-2025-40689 Malicious code in yyf-convert (npm)
The package yyf-convert was found to contain malicious code...
Malicious code in color-convert-conversions (npm)
The package color-convert-conversions was found to contain malicious code...
MAL-2025-17287 Malicious code in color-convert-conversions (npm)
The package color-convert-conversions was found to contain malicious code...
Malicious code in ducanh1368-gas-convert (npm)
The package ducanh1368-gas-convert was found to contain malicious code...
MAL-2025-18956 Malicious code in ducanh1368-gas-convert (npm)
The package ducanh1368-gas-convert was found to contain malicious code...
CVE-2025-55161
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...
CVE-2025-55161
Stirling-PDF prior to v1.1.0 exposes a Server-Side Request Forgery (SSRF) flaw in /api/v1/convert/markdown/pdf. The Markdown-to-PDF conversion uses a sanitizer that can be bypassed, allowing unauthenticated attackers to force the server to request arbitrary URLs (potentially internal). The issue ...
CVE-2025-55161 Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...
CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...
CVE-2025-55151 Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality /api/v1/convert/file/pdf uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...
CVE-2025-55151
Stirling-PDF prior to version 1.1.0 is affected by a Server-Side Request Forgery (SSRF) in the /api/v1/convert/file/pdf path, where LibreOffice’s unoconvert tool is used during file-to-PDF conversion. The vulnerability arises in the conversion process and has been patched in version 1.1.0. Affect...
PT-2025-32591 · Unknown +1 · Stirling-Pdf +1
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. The “convert file to pdf” functionality, accessible via the /api/v1/convert/file/pdf API endpoint, is susceptible...
The vulnerability of the ConvertFromJson method in the monitoring and security management tool Trend Micro Apex Central allows an attacker to execute arbitrary code in the context of NETWORK SERVICE.
The vulnerability of the ConvertFromJson method in the Trend Micro Apex Central security monitoring and management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of NETWORK SERVICE...
CVE-2025-34106
CVE-2025-34106 affects PDF Shaper v3.5 and v3.6. A buffer overflow occurs when using the “Convert PDF to Image” feature on a crafted PDF, allowing arbitrary code execution in the user context after the file is opened. Verified on Windows XP, 7, 8, and 10 via the PDFTools.exe component. Exploitati...
CVE-2025-34106 PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary...
SWFTools buffer error vulnerability
SWFTools is a set of utilities for working with Adobe Flash files (SWF files) from the individual developer Matthias Kramm. A buffer error vulnerability exists in SWFTools version 0.9.2 and earlier, which stems from an out-of-bounds read in the file lib/wav.c function wav_convert2mono in the compone...
UBUNTU-CVE-2022-50065
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable. When we call xdp_convert_buff_to_frame to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page. If it is newly allocated, it should be freed...
UBUNTU-CVE-2025-5899
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
The vulnerability of the ip_metrics_convert() function in the ipv4 component of the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ip_metrics_convert function in the ipv4 component of the Linux operating system’s kernel is related to the lack of memory release. Exploiting this vulnerability could allow an attacker to cause a service failure...