UBUNTU-CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

CVE-2026-24688 pypdf has possible Infinite Loop when processing outlines/bookmarks

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

Docassemble open redirect

Impact It is possible to create a URL that acts as an open redirect. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. Workarounds If upgrading is not possible, manually apply the changes of 4801ac7 and restart the...

GHSA-JQ57-3W7P-VWVV Docassemble unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...

Scientific Linux Security Update : jakarta-commons-collections on SL6.x (noarch) (20151130)

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons- collections...