53 matches found
CVE-2026-57238
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...
CVE-2026-13126
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...
CVE-2026-13126
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...
EUVD-2026-42181
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...
CVE-2026-57242
Technical details are not publicly available in the provided documents for CVE-2026-57242; monitor Foxit security bulletins for updates on affected products, versions, impact, and remediation.
CVE-2026-57249
CVE-2026-57249 affects Foxit PDF Editor/Reader in the annotation handling path. After opening a PDF, the software resets the annotation status and triggers a reset form event; during the subsequent re-entry it accesses invalid objects, leading to a crash. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/...
EUVD-2026-42204
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
PT-2026-56341
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description A use-after-free issue occurs when the application opens a PDF and JavaScript modifies the form. Due to incomplete lifecycle management and a lack of null value validation for...
PT-2026-56337
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A crash occurs when the application opens a PDF and JavaScript deletes a form field object, followed by an attempt to access that invalid object. Recommendation...
CVE-2026-44640
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
PT-2026-44985
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-prov data is stored as nni quic conn during dialing, but read as ex quic conn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
JLSEC-2026-527
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
PT-2026-35405
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
gnutls: Vulnerability in GnuTLS otherName SAN export
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
gnutls: Vulnerability in GnuTLS otherName SAN export
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
SUSE CVE-2025-32988
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
AZL-65085 CVE-2025-32988 affecting package gnutls for versions less than 3.7.11-4
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to an implementation flaw that allows an invalid object to be processed. An attacker can compromise the integrity of the authentication process by circumventing the client verification mechanism. Remediation...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to an implementation flaw that allows an invalid object to be processed. An attacker can compromise the integrity of the authentication process by circumventing the client verification mechanism. Remediation...
CVE-2024-7487
An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification...