34 matches found
CVE-2026-42451
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...
CVE-2026-42451
Grimmory (self-hosted digital library) has a stored XSS vulnerability in its browser-based EPUB reader affecting versions prior to 2.3.1. An attacker can embed arbitrary JavaScript in a crafted EPUB, which executes in the victim’s browser with the Grimmory session context, enabling session token ...
CVE-2026-34529
CVE-2026-34529 describes a Stored Cross-Site Scripting (XSS) flaw in File Browser’s EPUB preview prior to version 2.62.2. The root cause is the EPUB preview path (frontend/src/views/files/Preview.vue) passing allowScriptedContent to epub.js, whose iframe sandbox settings (allow-scripts with allow...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the EPUB preview function in File Browser. An attacker can execute arbitrary JavaScript in the context of the victim's browser by uploading a crafted EPUB file containing malicious scripts. This allows the...
EUVD-2017-6046
Malware in sbrugna...
EUVD-2016-1374
Malware in sbrugna...
EUVD-2017-6043
Malware in sbrugna...
EUVD-2017-6044
Malware in sbrugna...
EUVD-2017-6045
Malware in sbrugna...
EUVD-2023-28730
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-6196
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...
CVE-2023-24720
An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file...
PDFTools Security Vulnerability
PDFTools is an advanced tool by personal developer Leonardo Alves da Costa. It is used to convert PDF files to ePUB format. A security vulnerability exists in PDFTools version 0.5.0: a maliciously crafted epub file may cause a stack overflow leading to a crash...
readium-js Code Issue Vulnerability
readium-js is Readium's open-source EPUB processing engine written in JavaScript. A security vulnerability exists in readium-js version v0.32.0, which stems from an arbitrary file upload vulnerability that can be exploited by an attacker to execute arbitrary code by uploading a crafted EPUB fil...
CVE-2022-23850
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document...
Adobe Digital Editions Buffer Overflow Vulnerability (CNVD-2018-09333)
Adobe Digital Editions (DE) is e-book reading and management software from the US company Adobe. The software can open, read and manage PDF, XML and Flash files. A stack overflow vulnerability exists in Adobe DE 4.5.7 and previous versions based on Windows, Macintosh, iOS and...
STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30327)
STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability to cause a denial of service with the help of a...
Design/Logic Flaw
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...
Design/Logic Flaw
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at...
CVE-2017-14546
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...