Lucene search
K

20 matches found

EUVD
EUVD
added 2 days ago10 views

EUVD-2026-43227

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42891

phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...

5.1CVSS6.1AI score0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:45 a.m.35 views

CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 9:5 a.m.30 views

CVE-2026-8811

CVE-2026-8811 affects SEPPmail versions before 15.0.5, in the PDF generation module. Improper handling of attachment filenames during encrypted PDF creation allows path traversal, enabling an attacker to create files outside the intended directory and potentially place them in web‑accessible loca...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29341

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.9 views

PT-2026-2267

Name of the Vulnerable Software and Affected Versions Viafirma Documents version 3.7.129 Description Weaknesses in the authorization mechanisms allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate...

8.7CVSS6.7AI score0.00205EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0308

Malware in sbrugna...

4.3CVSS8.3AI score0.03622EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-0797

Malware in sbrugna...

7.5CVSS6.5AI score0.05061EPSS
Exploits0References34
Snyk
Snyk
added 2025/08/26 5:45 p.m.3 views

Directory Traversal

Overview xml2rfc is a Xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies. Affected versions of this package are vulnerable to Directory Traversal via the PDF generation process. An attacker can access arbitrary files on the...

8.7CVSS7.5AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:49 a.m.5 views

CVE-2024-20274

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due ...

5.5CVSS6.8AI score0.00417EPSS
Exploits0References1
Fedora
Fedora
added 2024/11/06 4:49 a.m.10 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.7.7-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.5CVSS7.7AI score0.01113EPSS
Exploits1
Cvelist
Cvelist
added 2024/05/14 1:30 p.m.24 views

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...

7AI score0.00454EPSS
Exploits0References2
RubySec
RubySec
added 2024/02/28 12:0 a.m.23 views

YARD's default template vulnerable to Cross-site Scripting in generated frames.html

Summary The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details The vulnerability stems from mishandling...

6.1CVSS5.5AI score0.0106EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/01/31 6:15 p.m.3 views

CVE-2023-50165

Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents...

8.6CVSS5.8AI score0.00338EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2022/11/08 8:0 a.m.102 views

Description of the security update for SharePoint Server 2019: September 13, 2022 (KB5002258)

None None...

8.8CVSS6.8AI score0.52885EPSS
Exploits0
OSV
OSV
added 2022/11/03 11:15 p.m.3 views

CVE-2022-43571

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component...

8.8CVSS6AI score0.14314EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.6 views

PT-2022-26974 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows an authenticated user to execute arbitrary code through the dashboard PDF generation...

8.8CVSS8.9AI score0.14314EPSS
Exploits5References6
Microsoft KB
Microsoft KB
added 2022/09/13 7:0 a.m.77 views

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002159)

Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002159 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

8.8CVSS9.4AI score0.01552EPSS
Exploits0
CISA
CISA
added 2016/01/29 12:0 a.m.13 views

FTC Announces Enhancements to IdentityTheft.gov

The Federal Trade Commission FTC has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the...

6.7AI score
Exploits0References2
0day.today
0day.today
added 2010/07/12 12:0 a.m.28 views

Accomplease Leasing Software SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================== Accomplease Leasing Software SQL Injection Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...

7.1AI score
Exploits0
Rows per page
Query Builder