4 matches found
CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
pypdf is a free and open-source pure-Python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
WordPress The Events Calendar plugin <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability
Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions <= 6.15.9...
PyPDF's Manipulated FlateDecode streams can exhaust RAM
Impact: An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. Patches: This has been...
CVE-2024-28862
The Ruby One Time Password library ROTP is an open source library for generating and validating one-time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...