23 matches found
CVE-2026-42795
Gleam: Symlink following in Hex package export vulnerability (CVE-2026-42795) allows embedding files outside the project root into the generated Hex package. Root cause: file collection in compiler-cli/src/fs.rs uses follow_links(true) for publishable directories (e.g., src/, priv/) and add_path_...
Allocation Of Resources Without Limits Or Throttling
pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...
CVE-2025-11362
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirecting URLs in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition...
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding
Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirecting URLs in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that...
GHSA-RJ3R-R7HH-JXFQ pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding
Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirecting URLs in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that...
CVE-2025-11362
CVE-2025-11362 affects the pdfmake package prior to 0.3.0-beta.17, where an attacker can trigger repeated URL redirects in file embedding, potentially causing the application to crash or become unresponsive. The issue is categorized as Allocation of Resources Without Limits or Throttling and has ...
PT-2025-40963
Name of the Vulnerable Software and Affected Versions pdfmake versions prior to 0.3.0-beta.17 Description The software is susceptible to a denial-of-service condition due to unrestricted resource allocation. This occurs when processing crafted input that repeatedly redirects URLs during file...
pdfmake security vulnerability
pdfmake is a pure JavaScript server-side and client-side PDF document generation library from the individual developer Bartek Pampuch. A security vulnerability exists in pdfmake versions prior to 0.3.0-beta.17, which stems from duplicate redirect URLs in file embedding leading to an unlimited...
CVE-2024-6181
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file=WEB-CORE/elements/files/filesembedded.jsp=32. The manipulation of the argument height/width leads to cross-site scripting. The...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:pdfmake is a client/server-side PDF printing library in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirecting URLs in file embedding. An attacker can cause the application to crash or become...
Allocation of Resources Without Limits or Throttling
Overview pdfmake is a client/server-side PDF printing library in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirecting URLs in file embedding. An attacker can cause the application to crash or become unresponsive by...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 This repository contains a Proof of Concept P...
Design/Logic Flaw
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
Dropbox: Disclose anonymous accessible link on embedded files in paper dropbox sessions
This report described some of the behavior of the integration between Dropbox and Dropbox Paper. In particular, when embedding a Dropbox file into Dropbox Paper, this implicitly creates a link to that file see https://www.dropbox.com/help/files-folders/view-only-access and embeds it within the...
ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more
The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...