Lucene search
K

28179 matches found

Nuclei
Nuclei
added 11 hours ago81 views

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS7.1AI score0.07486EPSS
Exploits3References4
Nuclei
Nuclei
added 11 hours ago31 views

PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. id: CVE-2017-18528 info: name: PDF & Print by BestWebSoft 1.9.4 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.01757EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago19 views

Gotenberg - Command Injection

Gotenberg 8.31.0 contains a command injection caused by lack of validation on JSON metadata keys in /forms/pdfengines/metadata/write endpoint, letting unauthenticated attackers execute OS commands, exploit requires crafted HTTP request. id: CVE-2026-42589 info: name: Gotenberg - Command Injection...

9.8CVSS6.1AI score0.0295EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago16 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS6.1AI score0.00892EPSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago9 views

Stirling-PDF < 1.1.0 - Server-Side Request Forgery

Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...

9.8CVSS6.1AI score0.01701EPSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago86 views

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS6.1AI score0.01999EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago100 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.4AI score0.01193EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago50 views

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

7.5CVSS7AI score0.1129EPSS
Exploits2References5
NVD
NVD
added yesterday7 views

CVE-2026-14906

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4...

5.3CVSS
Exploits0References2
CVE
CVE
added yesterday16 views

CVE-2026-14906

The vulnerability CVE-2026-14906 affects Firefox for iOS. Pages with malicious titles could cause saved webpages-as-PDF content to overwrite existing PDF files or bundled content within the Firefox for iOS app sandbox. Affected component is the PDF-saving process; root cause details are not expli...

5.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57393

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through = 2.0.8...

6.5CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57393

CVE-2026-57393 affects the WordPress plugin WooCommerce PDF Invoice Builder (plugin slug woo-pdf-invoice-builder) up to version ≤ 2.0.8. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere that allows retrieval of embedded sensitive data...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57407

The vulnerability concerns the WordPress plugin PDF Generator for WordPress (plugin name shown as pdf-generator-for-wp) and is described as a Server-Side Request Forgery (SSRF) . Affected versions are listed as “from n/a through

7.2CVSS6.1AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-57407 WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57718

Name of the Vulnerable Software and Affected Versions PDF Generator for WordPress versions prior to 1.6.3 Description A Server-Side Request Forgery SSRF issue exists in the PDF Generator for WordPress plugin. This flaw allows an unauthenticated attacker to induce the server to make requests to...

7.2CVSS6.1AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-57551

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description An arbitrary file write issue exists in the Docker API server. The '/screenshot' and '/pdf' endpoints do not validate the output path parameter, which allows an attacker to use absolute paths or...

9.1CVSS6.2AI score0.00421EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-13116 PDF Invoices & Packing Slips for WooCommerce <= 5.14.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via 'order_id' Shortcode Attribute

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
Nuclei
Nuclei
added 3 days ago16 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7AI score0.79807EPSS
Exploits5References2
Rows per page
Query Builder