Lucene search
K

1668 matches found

CVE
CVE
added 2026/06/18 9:5 a.m.24 views

CVE-2026-8811

CVE-2026-8811 affects SEPPmail versions before 15.0.5, in the PDF generation module. Improper handling of attachment filenames during encrypted PDF creation allows path traversal, enabling an attacker to create files outside the intended directory and potentially place them in web‑accessible loca...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.7 views

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.2AI score0.00153EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37545

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0References3
Debian
Debian
added 2026/06/16 7:50 p.m.4 views

[SECURITY] [DLA 4632-1] atril security update

Debian LTS Advisory DLA-4632-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson June 16, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.26.0-2+deb12u4 CVE ID : CVE-2026-46529 Debian Bug : 1139874 It was discovered that atril, a simple multi-page...

8.4CVSS5.3AI score0.00529EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-49742

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that triggers an infinite loop. This occurs specifically when extracting text in layout mode. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 6:16 p.m.12 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

7.3CVSS0.00114EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 4:21 p.m.8 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.2AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 4:21 p.m.43 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 10:21 a.m.11 views

EUVD-2026-36715

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS5.7AI score0.00129EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49263

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.3AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49191

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the application fails to intercept certain dangerous interfaces when executing JavaScript scripts embedded in PDF files within the sandbox...

8.6CVSS6.1AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/12 9:59 p.m.29 views

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

7.8CVSS0.00131EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/12 6:29 p.m.14 views

pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

5.1CVSS5.1AI score0.00124EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/12 12:26 p.m.7 views

OESA-2026-2649 poppler security update

is a PDF rendering library. Security Fixes: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized...

7.8CVSS5.8AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:0 a.m.20 views

RLSA-2026:24984 Important: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 For more details about the...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/10 7:46 p.m.8 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 7:46 p.m.8 views

EUVD-2026-36109

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

9.6CVSS8.2AI score0.0234EPSS
Exploits2References3
CVE
CVE
added 2026/06/10 7:46 p.m.131 views

CVE-2026-46529

Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.

8.4CVSS6.5AI score0.00529EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/10 6:8 p.m.7 views

CVE-2026-11670

An use after free flaw was found in the PDF component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=515469283...

9.6CVSS5.4AI score0.00224EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 6:30 a.m.7 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder