11 matches found
EUVD-2024-0489
Malicious code in bioql PyPI...
Arbitrary File Read
electron-pdf is vulnerable to Arbitrary File Read. The vulnerability is due to the improper input application when validating the HTML content, allowing an attacker to remotely obtain arbitrary local files by injecting malicious HTML content...
GHSA-3JCV-5F9P-2F2P Cross-site Scripting in electron-pdf
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
@infosupport/kc-cli (>=2.1.1 <=2.3.8), @infosupport/kc-pdf (>=1.0.0 <=1.0.2) +3 more potentially affected by CVE-2024-1648 via electron-pdf (>=0.10.1 <=20.0.0)
electron-pdf NPM version =0.10.1, =2.1.1, =1.0.0, =0.0.0, =0.0.5 - resumaker =1.0.0 - rsme =0.3.0 Source cves: CVE-2024-1648 Source advisory: OSV:GHSA-3JCV-5F9P-2F2P...
Cross-site Scripting in electron-pdf
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648 electron-pdf 20.0.0 - Local File Read via Server Side XSS
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648
CVE-2024-1648 affects electron-pdf 20.0.0. The vulnerability stems from the application not validating user-supplied HTML content, enabling a remote attacker to read arbitrary local files. Root cause identified as improper HTML content validation. Impact is described as remote local-file access; ...
CVE-2024-1648 electron-pdf 20.0.0 - Local File Read via Server Side XSS
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Electron-PDF Security Vulnerability
Electron-PDF is a powerful command line tool from the individual developers at Fraser Xu. A security vulnerability exists in Electron-PDF version 20.0.0, which stems from a failure to validate the HTML content of user input, allowing an attacker to obtain arbitrary local files...