CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

EUVD-2026-17749

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

jsPDF has a PDF Object Injection via FreeText color

Impact User control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might...

PT-2026-25976

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.1 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled arguments within the createAnnotation method can allow the injection of arbitrary PDF objects, includin...

CVE-2026-25940

A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the...

CVE-2026-24737

A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacke...

CVE-2026-24737

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVE-2026-24737

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

PT-2026-5721

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...

CVE-2022-34874

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-28682

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2022-19165 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 11.2.1.53537 Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting XSS vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...

Type confusion

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in th...

Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird ar...