CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

PT-2026-36706

Name of the Vulnerable Software and Affected Versions toeverything AFFiNE versions prior to 0.26.4 Description An authorization bypass exists in the Public Markdown Preview Endpoint. A remote attacker can manipulate the allowDocPreview function within the '/workspace/:workspaceId/:docId' endpoint...

EUVD-2026-16038

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

PT-2026-28152

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

CVE-2022-37774

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document pdf, email from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...

Exploit for CVE-2022-30190

LetsDefend-SOC173-Follina-0-Day-Detected We are presented with...

EUVD-2017-1352

Malware in sbrugna...

EUVD-2022-40384

Malicious code in bioql PyPI...

EUVD-2024-33394

Malicious code in bioql PyPI...

CVE-2025-51966

A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...

CVE-2025-51966

CVE-2025-51966 describes an XSS in uTools up to version 7.1.1, specifically in the PDF preview feature. The vulnerability arises when previews of specially crafted PDF files cause embedded JavaScript to execute within the application's privileged context, potentially enabling data theft or unauth...

CVE-2025-53179

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a null pointer dereference in the PDF Preview module, and can ...

CVE-2024-10126

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...

CVE-2024-10126

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...

CVE-2024-10126

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...

CVE-2024-10126

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...

CVE-2024-10126 Local file inclusion vulnerability in M-Files Server

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...

CVE-2024-10126

The CVE concerns M-Files Server with a Local File Inclusion (LFI) in the document preview feature. Affected versions are before 24.11 (excluding 24.8 SR1, 24.2 SR3, and 23.8 SR7). An authenticated user can read server-local files of a limited set of filetypes via the document preview. Root cause:...