Lucene search
K

59135 matches found

CVE
CVE
added 2025/12/11 12:0 a.m.25 views

CVE-2025-55311

Foxit PDF Editor CVE-2025-55311 affects Foxit PDF and Editor on Windows/macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and clear the file’s modification status, bypassing digital signature verification and undermining trust in signed PDFs. R...

6.5CVSS7.4AI score0.0017EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.1 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.1AI score0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.1 views

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

6AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.3 views

Microweber 跨站脚本漏洞

Microweber is Microweber open source online store management system that provides drag and drop functionality. The system includes modules for adding products, images and more. A cross-site scripting vulnerability exists in Microweber version 2.0.15, which stems from the presence of stored...

5.4CVSS6.1AI score0.00214EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.1 views

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.4AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.26 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.28 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.2AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.3 views

PT-2025-50622

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS7.5AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.22 views

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50751

Name of the Vulnerable Software and Affected Versions PyroCMS version 3.0.1 Description The software contains a stored cross-site scripting issue in the admin redirects configuration. Attackers can inject malicious scripts by inserting a payload into the 'Redirect From' field. This allows for the...

5.4CVSS5.2AI score0.0021EPSS
Exploits1References7
EUVD
EUVD
added 2025/12/11 12:0 a.m.3 views

EUVD-2025-202691

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

3.3CVSS5.8AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2025/12/11 12:0 a.m.21 views

CVE-2025-55312

CVE-2025-55312 affects Foxit PDF Editor for Windows prior to 13.2 and prior to 2025.2. When pages are deleted via JavaScript, the software may fail to update internal states, leading to dereference of invalid memory during subsequent annotation management. This memory corruption can cause crashes...

7.8CVSS7.9AI score0.00126EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50617

Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 Description A specially crafted PDF file containing JavaScript can trigger a use-after-free condition. This occurs when the JavaScript code attaches...

6.7CVSS7.8AI score0.00115EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.3 views

PT-2025-50620

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS7.5AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50619

Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 Description A specially crafted PDF document can utilize JavaScript to modify annotation content and then remove the file’s modification status...

6.5CVSS7.7AI score0.0017EPSS
Exploits0References5
CVE
CVE
added 2025/12/11 12:0 a.m.14 views

CVE-2025-55314

CVE-2025-55314 affects Foxit PDF Editor (Windows/macOS) prior to 13.2 and Foxit Reader prior to 2025.2. When pages are deleted via JavaScript, the software may fail to update internal states, causing dereference of invalid or released memory. This can lead to memory corruption, application crashe...

7.8CVSS7.8AI score0.00169EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.8 views

LibreChat 跨站脚本漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A cross-site scripting vulnerability exists in LibreChat 0.8.0 and earlier versions that stems from an unhandled JSON parsing error that could lead to a cross-site scripting attack...

6.1CVSS5.8AI score0.00181EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

CE Phoenix 跨站脚本漏洞

CE Phoenix is a powerful e-commerce store from Phoenix Cart open source. A cross-site scripting vulnerability exists in CE Phoenix version v3.0.1, which stems from the presence of stored cross-site scripting in the Currency Management Panel that could lead to the execution of arbitrary JavaScript...

5.3CVSS6.1AI score0.0031EPSS
Exploits0References5
CVE
CVE
added 2025/12/11 12:0 a.m.24 views

CVE-2025-55307

CVE-2025-55307 – Foxit PDF and Editor for Windows is affected in versions prior to 13.2 and 2025 before 2025.2. A malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath (e.g., "/") can trigger an out-of-bounds read in internal path-parsing logic, potentially l...

3.3CVSS7.2AI score0.00147EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder