CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/09 12:0 a.m.•9 views

Adobe Acrobat Reader 资源管理错误漏洞

7.8CVSS7.6AI score0.00285EPSS

Debian•added 2026/05/22 9:2 p.m.•11 views

[SECURITY] [DLA 4596-1] evince security update

Debian LTS Advisory DLA-4596-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : evince Version : 3.38.2-1+deb11u1 CVE ID : CVE-2026-46529 It was discovered that evince, a simple multi-page document viewer, is...

8.4CVSS5.7AI score0.00555EPSS

OSV•added 2026/05/20 6:31 p.m.•6 views

GHSA-FVHG-P4HF-79X3 @cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00298EPSS

Exploits0References4

CVE•added 2026/05/20 12:0 a.m.•23 views

CVE-2026-30691

CVE-2026-30691 affects @cyntler/react-doc-viewer v1.17.1. TXTRenderer improperly sanitizes .txt content and casts raw data as a ReactNode, enabling Cross-Site Scripting (XSS) via crafted files. Impact: remote attacker can execute arbitrary JavaScript. No remediation details provided in the docume...

6.1CVSS6.1AI score0.00298EPSS

Exploits0References2

NVD•added 2026/04/21 7:16 p.m.•7 views

CVE-2026-40865

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

7.1CVSS0.0014EPSS

EUVD•added 2026/04/21 6:14 p.m.•7 views

EUVD-2026-24231

7.1CVSS5.8AI score0.0014EPSS

CVE•added 2026/04/21 6:14 p.m.•14 views

CVE-2026-40865

Horilla HRMS 1.5.0 contains an insecure direct object reference in the employee document viewer. An authenticated user can access other employees’ uploaded documents by altering the document ID parameter, exposing identity documents, contracts, certificates, and other private records. The PT-2026...

7.1CVSS5.8AI score0.0014EPSS

The Hacker News•added 2026/04/13 9:15 a.m.•6 views

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 aka ScarCruft has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery...

6.1AI score

Fedora•added 2026/04/12 3:53 p.m.•3 views

[SECURITY] Fedora 42 Update: mupdf-1.26.3-6.fc42

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

7.8CVSS5.9AI score0.00213EPSS

Fedora•added 2026/04/12 3:38 p.m.•6 views

[SECURITY] Fedora 43 Update: mupdf-1.27.1-10.fc43

7.8CVSS5.9AI score0.00213EPSS

ATTACKERKB•added 2026/03/31 12:0 a.m.•2 views

CVE-2026-30277

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

6.4AI score0.00169EPSS

Exploits0References5

Vulnrichment•added 2026/02/09 9:10 p.m.•1 views

CVE-2026-25880 Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

7.8CVSS6.3AI score0.00192EPSS

Exploits1References1

RedHat Linux•added 2026/02/09 7:38 a.m.•2 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/09 3:7 a.m.•0 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/05 10:46 a.m.•2 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/05 9:15 a.m.•0 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...