Lucene search
+L

137 matches found

RedhatCVE
RedhatCVE
added 2026/07/10 11:45 a.m.8 views

CVE-2026-59937

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table...

7.5CVSS6AI score0.00345EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 9:16 a.m.9 views

CVE-2026-57260

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57237

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/08 7:36 a.m.4 views

EUVD-2026-42196

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:46 p.m.18 views

CVE-2026-48716 nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes th...

8.7CVSS0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7728

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS5.5AI score0.0044EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:17 a.m.11 views

CVE-2026-11304

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 12:38 a.m.19 views

EUVD-2026-33100

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

5.8AI score0.00224EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/05/27 1:2 p.m.16 views

USN-8321-1: Papers vulnerability

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...

8.4CVSS5.8AI score0.00529EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.16 views

DHTMLX Diagram 路径遍历漏洞

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

9.2CVSS5.8AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.68 views

CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

7.5CVSS0.0041EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.6 views

The vulnerability in the Google Chrome web browser, related to overflowing dynamic memory buffers, allows a malicious actor to trigger a service failure.

The vulnerability in the Google Chrome web browser is related to overflowing of buffers in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure through the use of a specially created PDF file...

10CVSS7.2AI score0.00481EPSS
Exploits0References10Affected Software3
EUVD
EUVD
added 2026/04/28 8:0 p.m.7 views

EUVD-2026-26152

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

7.5CVSS7.1AI score0.0041EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 3:16 a.m.15 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS0.0044EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 2:30 a.m.7 views

EUVD-2026-25973

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS5.4AI score0.0044EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 2:30 a.m.20 views

CVE-2026-7217

Summary: CVE-2026-7217 affects Deepractice PromptX ≤ 2.4.0. The vulnerability lies in the Document File Handler’s index.ts functions read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf, where manipulation of the argument path enables absolute path traversal. This is a remote-execution-capable...

6.9CVSS5.6AI score0.0044EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 2:30 a.m.34 views

CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS0.0044EPSS
Exploits0References5
OSV
OSV
added 2026/04/28 2:30 a.m.2 views

CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS5.7AI score0.0044EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.14 views

PromptX 路径遍历漏洞

PromptX is an open-source AI role creation and intelligent tool development platform based on the MCP protocol by Deepractice. Versions of PromptX 2.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the path parameters of the functions readdocx, readxlsx,...

6.9CVSS6.1AI score0.0044EPSS
Exploits0References1
Rows per page
Query Builder