31 matches found

SUSE CVE
added 2026/04/22 1:37 a.m., 3 views

SUSE CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00039
Exploits: 0, References: 3
Positive Technologies
added 2026/04/21 12:0 a.m., 1 view

PT-2026-33879

Name of the Vulnerable Software and Affected Versions: nbconvert versions 6.5 through 7.17.0. Description: The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. When the HTMLExporter.embed_images variable is set to True, the markdown renderer allows arbitrary file...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00048
Exploits: 1, References: 13
RedhatCVE
added 2026/01/09 10:51 a.m., 5 views

CVE-2022-42707

In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions...

CVSS: 7.5, AI score: 6.8, EPSS: 0.0024
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-45773

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0024
Exploits: 0, References: 2
CNNVD
added 2025/08/01 12:0 a.m., 2 views

Cursor Code Issue Vulnerability

Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...

CVSS: 7.5, AI score: 8.9, EPSS: 0.00198
Exploits: 0, References: 4
NVD
added 2025/07/29 3:15 p.m., 2 views

CVE-2025-50738

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...

CVSS: 9.8, EPSS: 0.06977
Exploits: 1, References: 3
Snyk
added 2024/10/07 3:58 p.m., 2 views

Absolute Path Traversal

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Absolute Path Traversal via the HTML writer process when embedding images. An attacker can read arbitrary files on the server an...

CVSS: 8.8, AI score: 6.9, EPSS: 0.0089
Exploits: 1, References: 2
CNNVD
added 2023/03/30 12:0 a.m., 2 views

PDFZorro Security Vulnerability

PDFZorro is an online PDF editor. A security vulnerability exists in PDFZorro Online version r20220428, which stems from the inability to properly clean up deleted editing information from PDF files, resulting in the unintentional disclosure of editing information including images and text embedd...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00257
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:49 a.m., 5 views

SUSE CVE-2012-0192

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a...

CVSS: 9.3, AI score: 8, EPSS: 0.08597
Exploits: 0, References: 3
OSV
added 2019/09/16 5:15 p.m., 0 views

UBUNTU-CVE-2019-15726

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00264
Exploits: 0, References: 3
Debian CVE
added 2019/09/16 4:51 p.m., 18 views

CVE-2019-15726

Removed by vendor...

CVSS: 5.3, AI score: 6, EPSS: 0.00264
Exploits: 0
Zero Day Initiative
added 2019/05/15 12:0 a.m., 22 views

Adobe Acrobat Pro DC PostScript colorimage Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 3.3, AI score: 1.7, EPSS: 0.10972
Exploits: 0, References: 1
Veracode
added 2019/01/15 8:57 a.m., 24 views

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of service. An integer overflow, which results in a heap-based buffer overflow in the icmLut_allocate function in icclib, allows an attacker to crash the application or possibly execute arbitrary code via a malicious PostScript or PDF file with embedded images...

CVSS: 6.8, AI score: 7.3, EPSS: 0.23786
Exploits: 0, References: 20, Affected Software: 1
OSV
added 2018/05/24 9:29 p.m., 0 views

CVE-2018-5679

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

CVSS: 8.8, AI score: 5.4
Exploits: 0, References: 3
AlpineLinux
added 2018/05/24 9:0 p.m., 20 views

CVE-2018-5675

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

CVSS: 8.8, AI score: 7.5, EPSS: 0.01293
Exploits: 1, References: 3
Source Incite
added 2018/01/25 12:0 a.m., 26 views

SRC-2018-0018 : Foxit Reader PDF Parsing U3D Type Confusion Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00601
Exploits: 1
Source Incite
added 2018/01/25 12:0 a.m., 18 views

SRC-2018-0010 : Foxit Reader PDF Parsing U3D Heap-based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS: 8.8, AI score: 8.9, EPSS: 0.01503
Exploits: 1
Cvelist
added 2014/12/01 3:0 p.m., 19 views

CVE-2014-5237

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...

AI score: 7.5, EPSS: 0.00417
Exploits: 1, References: 3
CVE
added 2014/12/01 3:0 p.m., 41 views

CVE-2014-5237

Open-Xchange App Suite (documentconverter) is affected by CVE-2014-5237. The vulnerability allows Server-Side Request Forgery (SSRF) via a URL embedded in an image within a Text document, which is not correctly handled by the image preview. Affected versions are Open-Xchange App Suite before 7.4....

CVSS: 4.3, AI score: 7.5, EPSS: 0.00417
Exploits: 1, References: 3, Affected Software: 1
Tenable Nessus
added 2014/06/13 12:0 a.m., 26 views

openSUSE Security Update : ghostscript (openSUSE-SU-2012:1289-1)

The following security issue was fixed in ghostscript: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash)...

CVSS: 6.8, AI score: 6, EPSS: 0.23786
Exploits: 0, References: 3