CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

EUVD-2025-9727

Malicious code in bioql PyPI...

EUVD-2025-7510

Malicious code in bioql PyPI...

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

CVE-2025-3241

The CVE-2025-3241 entry concerns youkefu (zhangyanbo2007) up to version 4.2.0, focusing on the XML Document Handler’s CallCenterRouterController.java. The root cause is manipulation of the routercontent argument triggering an XML External Entity (XXE) reference, enabling remote initiation of an a...

PT-2025-14881 · Youkefu · Youkefu

Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu versions up to 4.2.0 Description: A problematic issue was found in the XML Document Handler component, specifically affecting the CallCenterRouterController.java file. The manipulation of the routercontent argument lead...

CVE-2025-2125

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVE-2025-2125

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVE-2025-2125

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVE-2025-2125

CVE-2025-2125 affects Control iD RH iD 25.2.25.0, specifically the PDF Document Handler. The vulnerability lies in the handling of the parameter nsr for the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1, causing improper control of resource identifiers. The issue is exploitable remote...

Malicious code in @c11-lib-ts/document-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf45faf4cf8ea3609807fa01163bcf09cd1e633ed2744a8593f0efe85a8f0b24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2024-4327

The CVE-2024-4327 entry concerns Apryse WebViewer (up to 10.8.0). Affected component: the PDF Document Handler, where a cross-site scripting flaw has been identified. Root cause: improper handling in this component enables malicious input to execute in the context of a user session. Impact: remot...

Apryse WebViewer 跨站脚本漏洞

Apryse WebViewer is a web browser from Apryse Corporation. A cross-site scripting vulnerability exists in Apryse WebViewer version 10.8.0, which stems from the component PDF Document Handler that causes cross-site scripting...

PT-2024-30433 · Apryse · Apryse Webviewer

Name of the Vulnerable Software and Affected Versions: Apryse WebViewer versions up to 10.8.0 Description: A vulnerability was found in the PDF Document Handler component of Apryse WebViewer, which can lead to cross site scripting. The manipulation can be initiated remotely. The vendor recommends...