95 matches found

CVE
added 2026/06/15 3:0 p.m., 18 views

CVE-2026-9595

The CVE affects webpack-dev-server where a user-configured proxy with a broad context (e.g., /) and ws: true intercepts the dev server’s HMR WebSocket, forwarding it to the proxy target. This can leak cookies and Origin headers to the backend, bypass Host/Origin validation, and corrupt the HMR so...

CVSS 5.3, AI score 5.3, EPSS 0.00163
Exploits: 0, References: 5, Affected Software: 1

SUSE CVE
added 2026/04/24 1:28 a.m., 3 views

SUSE CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

CVSS 4.8, AI score 5.6, EPSS 0.00226
Exploits: 0, References: 3

SUSE CVE
added 2026/04/24 1:28 a.m., 5 views

SUSE CVE-2026-41314

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

CVSS 4.8, AI score 5.6, EPSS 0.00226
Exploits: 0, References: 3

NVD
added 2026/04/22 10:16 p.m., 4 views

CVE-2026-41313

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

CVSS 6.5, EPSS 0.00214
Exploits: 0, References: 4

Cvelist
added 2026/04/22 9:8 p.m., 26 views

CVE-2026-41314 pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

CVSS 4.8, EPSS 0.00226
Exploits: 0, References: 4

Cvelist
added 2026/04/22 9:4 p.m., 26 views

CVE-2026-41313 pypdf: Possible long runtimes for wrong size values in incremental mode

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

CVSS 4.8, EPSS 0.00214
Exploits: 0, References: 4

Positive Technologies
added 2026/04/16 12:0 a.m., 2 views

PT-2026-34566

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.2. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes long runtimes. This occurs when loading a PDF in incremental mode that contains a large /Size value in the trailer...

CVSS 6.5, AI score 5.2, EPSS 0.00214
Exploits: 0, References: 14

Positive Technologies
added 2026/04/16 12:0 a.m., 4 views

PT-2026-34567

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.2. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing an image using the '/FlateDecode' filter with large size values...

CVSS 6.5, AI score 5.2, EPSS 0.00226
Exploits: 0, References: 14

Positive Technologies
added 2026/04/16 12:0 a.m., 3 views

PT-2026-34565

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.2. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing a stream compressed using '/FlateDecode' with a /Predictor unequal to 1...

CVSS 6.5, AI score 5.1, EPSS 0.00226
Exploits: 0, References: 17

Positive Technologies
added 2026/04/15 12:0 a.m., 3 views

PT-2026-34562

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.1. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...

CVSS 6.9, AI score 5.1, EPSS 0.00297
Exploits: 0, References: 17

EUVD
added 2026/02/25 4:9 p.m., 4 views

EUVD-2026-8601

pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams...

CVSS 7.5, AI score 5.2, EPSS 0.00346
Exploits: 0, References: 5

RedhatCVE
added 2026/01/09 9:21 a.m., 7 views

CVE-2021-41245

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by privUITransactionFile aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop conf...

CVSS 8.1, AI score 6.9, EPSS 0.00694
Exploits: 1, References: 1

Tenable Nessus
added 2025/12/11 12:0 a.m., 4 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2488)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

CVSS 7.5, AI score 6.4, EPSS 0.00586
Exploits: 0, References: 5

OSV
added 2025/11/25 6:54 p.m., 3 views

CVE-2025-65960 Contao is vulnerable to remote code execution in template closures

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

CVSS 6.6, AI score 7.2, EPSS 0.00152
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1273

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00658
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-0555

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.0273
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-19531

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00921
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6695

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8, EPSS 0.00583
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-36923

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00713
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-0960

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.05994
Exploits: 0, References: 78