Lucene search
K

1795 matches found

RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-59937

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table...

7.5CVSS6AI score0.00345EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago4 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS7AI score0.00078EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56579

Name of the Vulnerable Software and Affected Versions Plate versions 53.0.0 through 53.1.3 Description The media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted document to specify a known video...

8.7CVSS6.1AI score0.00241EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41157

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54671

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in PDFium, a PDF rendering engine, allows a remote attacker to perform UI spoofing by using a specially crafted PDF file. Recommendations Update Google...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
CVE
CVE
added 2026/06/30 10:39 p.m.20 views

CVE-2026-14108

CVE-2026-14108 is a use-after-free in PDFium underlying Google Chrome prior to 150.0.7871.47. The flaw allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted PDF file. Affected component: PDFium within Chrome; root cause: use-after-free vulnerability. Impact: ...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54383

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in PDFium allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a memory corruption flaw th...

9.8CVSS6.4AI score0.00413EPSS
Exploits0References447
NVD
NVD
added 2026/06/29 10:16 a.m.9 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.0012EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in pypdf2

pypdf is a free and open-source Python-based PDF library. Prior to version 6.7.2, an attacker who exploited this vulnerability could create a PDF that would lead to an infinite loop. This required reading the file. This issue has been fixed in pypdf 6.7.2. As a workaround, one can manually apply...

7.5CVSS6.6AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

DEBIAN-CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/22 8:28 p.m.6 views

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS5.8AI score0.00111EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 8:26 p.m.7 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 4:44 a.m.7 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.2AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49743

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that triggers an infinite loop. This occurs when merging a file containing outlines into a writer. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/10 6:33 a.m.26 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References5
NVD
NVD
added 2026/06/08 3:16 p.m.17 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS0.00358EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:59 p.m.6 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References2
Rows per page
Query Builder