CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...

CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...

CVE-2026-25535 jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...

CVE-2026-25535 jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...

CVE-2026-25535 jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...

CVE-2026-25535

CVE-2026-25535 affects jsPDF (prior to 4.2.0). If the first argument to addImage (and other affected methods like html) can be controlled with unsanitized image data or URLs, a malicious GIF with large width/height entries can trigger excessive memory allocation, causing out-of-memory and denial ...

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from an arbitrary file enumeration vulnerability in t...

CVE-2026-27178

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

CVE-2026-23491

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the getfile method of the Guest module's Get controller in InvoicePlane up to and including through 1.6.3. The vulnerability allows unauthenticated attacker...

CVE-2026-23491

InvoicePlane up to version 1.6.3 is affected by a path traversal vulnerability in the Guest.Get controller’s get_file method, allowing unauthenticated attackers to read arbitrary server files (including configuration with database credentials). Root cause: improper input handling of the filename ...

PT-2026-20517

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $ REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

MajorDoMo 跨站脚本漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability. This vulnerability stems from the /objects/?method endpoint, which allows unvalidated execution of stored methods. The parameters controlled by...

PT-2026-20490

Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal issue exists in the get file method of the Guest module's Get controller. This...

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

BIT-NGINX-INGRESS-CONTROLLER-2026-1580 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

CVE-2026-2536 opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...