CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

SUSE CVE•added 2026/04/24 1:28 a.m.•2 views

SUSE CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

4.8CVSS5.6AI score0.00025EPSS

Exploits0References3

SUSE CVE•added 2026/04/24 1:28 a.m.•3 views

SUSE CVE-2026-41314

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

4.8CVSS5.6AI score0.00025EPSS

Exploits0References3

NVD•added 2026/04/22 10:16 p.m.•3 views

CVE-2026-41313

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

6.5CVSS0.00025EPSS

Exploits0References4

Cvelist•added 2026/04/22 9:8 p.m.•25 views

CVE-2026-41314 pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

4.8CVSS0.00025EPSS

Exploits0References4

Cvelist•added 2026/04/22 9:4 p.m.•24 views

CVE-2026-41313 pypdf: Possible long runtimes for wrong size values in incremental mode

4.8CVSS0.00025EPSS

Exploits0References4

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34567

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

4.8CVSS5.6AI score0.00025EPSS

Exploits0References6

Positive Technologies•added 2026/04/22 12:0 a.m.•0 views

PT-2026-34566

4.8CVSS5.6AI score0.00025EPSS

Exploits0References6

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34565

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing a stream compressed using '/FlateDecode' with a /Predictor unequal to 1...

6.9CVSS5.1AI score0.00052EPSS

Exploits0References9

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34562

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.1 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...

6.9CVSS5.1AI score0.00052EPSS

Exploits0References9

EUVD•added 2026/02/25 4:9 p.m.•2 views

EUVD-2026-8601

pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams...

7.5CVSS5.2AI score0.00055EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 9:21 a.m.•4 views

CVE-2021-41245

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by privUITransactionFile aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop conf...

8.1CVSS6.9AI score0.00132EPSS

Exploits1References1

Tenable Nessus•added 2025/12/11 12:0 a.m.•2 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2488)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

7.5CVSS6.4AI score0.01007EPSS

Exploits0References5

OSV•added 2025/11/25 6:54 p.m.•2 views

CVE-2025-65960 Contao is vulnerable to remote code execution in template closures

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

6.6CVSS7.2AI score0.0002EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1273

Malware in sbrugna...

9.8CVSS9.3AI score0.00177EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-19531

Malware in sbrugna...

6.5CVSS6.5AI score0.00308EPSS

Exploits0References3