Lucene search
K

36 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-59936

Technical details about CVE-2026-59936 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected versions, impact, and fixes.

8.7CVSS6AI score0.00345EPSS
Exploits0References4Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-59935

The CVE affects the Python PDF library pypdf prior to 6.14.2, where a crafted PDF page content stream with an inline image not terminated and using ASCII85/ASCIIHex filters can cause an infinite loop during parsing (e.g., text extraction). This may impact availability (as per CVSS) with no confid...

8.7CVSS6AI score0.00352EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59935 pypdf: Possible infinite loop for not terminated inline images (ASCII85 and ASCIIHex filter)

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issu...

8.7CVSS0.00352EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-48920

A flaw was found in the Jenkins Email Extension Plugin. An attacker with the ability to control email content can exploit this vulnerability by inlining images with file: URLs. This allows the attacker to read arbitrary files from the Jenkins controller filesystem, leading to information disclosu...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Jenkins Email Extension Plugin 安全漏洞

The Jenkins Email Extension Plugin is an open-source extension for Jenkins that handles email notifications and build messages. The Jenkins Email Extension Plugin versions 1933.v45cec755423f and earlier contain security vulnerabilities. These vulnerabilities stem from allowing base64-encoded imag...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44013

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f Description The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 7:57 a.m.8 views

Denial-of-service (DoS)

pypdf is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of inline images using the DCTDecode filter during PDF content stream parsing, which allows an attacker to craft a malicious PDF that triggers an infinite loop and causes CPU exhaustion...

8.7CVSS5.9AI score0.00402EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/10/22 9:36 p.m.7 views

CVE-2025-62707 pypdf affected by possible infinite loop when reading DCT inline images without EOF marker

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

8.7CVSS6.9AI score0.00402EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/22 7:40 p.m.10 views

pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...

8.7CVSS6.8AI score0.00402EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-8669

Malware in sbrugna...

5CVSS6.2AI score0.021EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 1:20 a.m.7 views

CVE-2010-4766

The AgentTicketForward feature in Open Ticket Request System OTRS before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a...

4.3CVSS6.4AI score0.01092EPSS
Exploits1References1
Fedora
Fedora
added 2024/03/23 12:54 a.m.35 views

[SECURITY] Fedora 40 Update: w3m-0.5.3-63.git20230121.fc40

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...

7.8CVSS6.6AI score0.00441EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.13 views

PT-2023-27175 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.4 through 25.0.8 Nextcloud Server versions 26.0.0 through 26.0.3 Nextcloud Server versions 27.0.0 through 27.0.0 Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform...

9.8CVSS5.7AI score0.01041EPSS
Exploits6References93
OpenVAS
OpenVAS
added 2023/06/12 12:0 a.m.15 views

Debian: Security Advisory (DLA-3451-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS5.5AI score0.01317EPSS
Exploits1References4
Fedora
Fedora
added 2023/01/01 1:38 a.m.28 views

[SECURITY] Fedora 37 Update: w3m-0.5.3-58.git20220429.fc37

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...

7.8CVSS0.2AI score0.00441EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/06/10 12:0 a.m.10 views

Mageia: Security Advisory (MGASA-2022-0224)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS5.5AI score0.01317EPSS
Exploits1References4
Mageia
Mageia
added 2022/06/09 8:49 p.m.63 views

Updated python-pypdf2 packages fix security vulnerability

Infinite loop with manipulated inline images CVE-2022-24859...

6.2CVSS1.8AI score0.01317EPSS
Exploits1References2
OSV
OSV
added 2022/06/09 8:49 p.m.16 views

MGASA-2022-0224 Updated python-pypdf2 packages fix security vulnerability

Infinite loop with manipulated inline images CVE-2022-24859...

6.2CVSS6.2AI score0.01317EPSS
Exploits1References3
Debian
Debian
added 2022/06/03 10:48 a.m.53 views

[SECURITY] [DLA 3039-1] pypdf2 security update

Debian LTS Advisory DLA-3039-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 03, 2022 https://wiki.debian.org/LTS Package : pypdf2 Version : 1.26.0-2+deb9u1 CVE ID : CVE-2022-24859 Debian Bug : 1009879 Sebastian Krause discovered that manipulated inline...

6.2CVSS6.3AI score0.01317EPSS
Exploits1
Microsoft KB
Microsoft KB
added 2021/04/13 7:0 a.m.46 views

Description of the security update for Outlook 2016: April 13, 2021 (KB4504712)

None None...

7.8CVSS7AI score0.01295EPSS
Exploits0
Rows per page
Query Builder