Lucene search
K

1795 matches found

SUSE CVE
SUSE CVE
added 2026/04/17 12:4 p.m.7 views

SUSE CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.5AI score0.00336EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/17 12:4 p.m.7 views

SUSE CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

7.2CVSS6.5AI score0.0031EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 5:16 p.m.6 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS0.00379EPSS
Exploits0References5
OSV
OSV
added 2026/04/16 5:16 p.m.13 views

ALPINE-CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

2.9CVSS5.4AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33342

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.6 Description The software uses insufficient entropy, which allows hash flooding to occur through a specially crafted XML document. Hash flooding is a technique where many different inputs are designed to produce...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References38
Snyk
Snyk
added 2026/04/16 12:0 a.m.7 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' while handling a specially crafted XML Schema Definition XSD validated document containing an internal entity reference. An attacker can cause the application to crash by...

7.5CVSS5.8AI score0.00632EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

7.2CVSS6.5AI score0.0031EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/15 7:4 p.m.22 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

0.0031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.4AI score0.00336EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.30 views

CVE-2025-69624

Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is...

0.00428EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 12:0 a.m.12 views

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference in the JavaScript app.alert() implementation. When called with more than one argument and the first is null (e.g., app.alert(app.activeDocs, true) with activeDocs null), the engine routes to a fallback path for non-string arg...

7.5CVSS5.9AI score0.00428EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/04 11:27 p.m.6 views

SUSE CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

7.8CVSS6.1AI score0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 6:31 a.m.4 views

EUVD-2026-17804

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.2AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:41 a.m.2 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.3CVSS6.2AI score0.00417EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/01 4:41 a.m.21 views

CVE-2026-5287

The CVE-2026-5287 issue affects Google Chrome prior to 146.0.7680.178, caused by a use-after-free in the PDF handling path, allowing a remote attacker to execute arbitrary code within the browser sandbox via a crafted PDF. The connected sources corroborate this memory safety fault in Chrome/Chrom...

8.8CVSS6.2AI score0.00417EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/01 3:31 a.m.7 views

EUVD-2026-17753

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3776

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/31 1:13 p.m.2 views

CVE-2026-3308 CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

6.1AI score0.00213EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 1:13 p.m.19 views

CVE-2026-3308

CVE-2026-3308 : A heap-based buffer overflow in MuPDF’s pdf_load_image_imp (pdf-image.c) on 1.27.0 allows malformed PDFs to trigger heap overflow, potentially enabling arbitrary code execution. Vendor/community advisories show fixes across multiple distributions: Debian bookworm (1.21.1+ds2-1+deb...

7.8CVSS6.1AI score0.00213EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/22 12:25 a.m.6 views

SUSE CVE-2026-4455

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References3
Rows per page
Query Builder