2839 matches found
GHSA-F2V5-7JQ9-H8CG pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches: This has been fixed in pypdf==6.7.4. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 36...
Allocation of Resources Without Limits or Throttling
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the RunLengthDecode filter, implemented in filters.py. An attacker can cau...
CVE-2026-28351
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...
CVE-2026-28351 Manipulated RunLengthDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...
CVE-2026-27809
psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decoderle raises ValueError which propagated all the way to the user, crashin...
EUVD-2026-8791
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM...
CVE-2026-27888
A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF document. When a user processes this specially crafted PDF, it can lead to excessive memory consumption, resulting in a Denial of Service (DoS) for the affected system. This issue specifically...
[SECURITY] [DLA 4493-1] libstb security update
Debian LTS Advisory DLA-4493-1, https://www.debian.org/lts/security/, Abhijith PA, February 26, 2026, https://wiki.debian.org/LTS ...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
DEBIAN-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
UBUNTU-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888
CVE-2026-27888 affects the pypdf library (Python) prior to 6.7.3. The issue arises when an attacker crafts a PDF that causes RAM exhaustion by accessing the reader/writer’s xfa property and a compressed stream using FlateDecode, leading to high availability impact. The vulnerability does not disc...
PT-2026-22068
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.3. Description: A crafted PDF file can cause excessive RAM usage, potentially leading to exhaustion. This occurs when accessing the xfa property of a reader or writer, specifically when the corresponding stream is...