
12 matches found

NVD
added 2026/03/31 9:16 p.m. | 0 views

CVE-2026-34586

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...

CVSS 6.5 | EPSS 0.00038
Exploits: 1 | References: 3
NVD
added 2025/12/12 7:15 a.m. | 2 views

CVE-2025-14356

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | EPSS 0.00049
Exploits: 0 | References: 6
EUVD
added 2025/12/12 6:32 a.m. | 2 views

EUVD-2025-203059

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 4.7 | EPSS 0.00049
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-17528

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00117
Exploits: 0 | References: 2
OSV
added 2025/03/20 10:15 a.m. | 3 views

CVE-2024-8053

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

CVSS 8.2 | AI score 8.1
Exploits: 0 | References: 1
Snyk
added 2025/03/12 4:44 p.m. | 1 views

Files or Directories Accessible to External Parties

Overview: aleksis-core is the core of the AlekSIS framework and the official distribution. It bundles functionality for all apps, and utilities for developers and administrators. Affected versions of this package are vulnerable to Files or Directories Accessible to External...

CVSS 8.7 | AI score 6.8 | EPSS 0.00099
Exploits: 0 | References: 2
CNNVD
added 2025/03/12 12:0 a.m. | 1 views

AlekSIS-Core security vulnerability

AlekSIS-Core is a school information system from AlekSIS, Inc. A security vulnerability exists in AlekSIS-Core versions 3.0 through 3.2.1, which stems from improperly controlled access and could result in unauthorized access to PDF files...

CVSS 5.6 | AI score 6.2 | EPSS 0.00099
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 6:33 a.m. | 5 views

CVE-2024-5547

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'projectname' parameter in the downloadprojectpdf function. Attackers can exploit...

CVSS 7.5 | AI score 7.4 | EPSS 0.01261
Exploits: 1 | References: 1
OSV
added 2024/10/03 12:0 a.m. | 1 views

UBUNTU-CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

CVSS 7.5 | AI score 7.5 | EPSS 0.00168
Exploits: 0 | References: 12
NVD
added 2024/10/01 4:15 p.m. | 15 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

CVSS 7.5 | EPSS 0.00168
Exploits: 0 | References: 8
CNNVD
added 2024/10/01 12:0 a.m. | 1 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. Mozilla Firefox suffers from an origin validation error that originates...

CVSS 7.5 | AI score 9.1 | EPSS 0.00168
Exploits: 0 | References: 9
CVE
added 2020/01/06 8:2 p.m. | 108 views

CVE-2019-16271

DTEN D5 and D7 devices (pre-1.3.2) expose an unauthenticated web server on TCP port 8080 that allows remote attackers to read stored whiteboard PDF images via storage/emulated/0/Notes/PDF. The root cause is lack of authentication on the web interface, enabling direct file disclosure of sensitive ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00303
Exploits: 0 | References: 1 | Affected Software: 1