54 matches found
CVE-2025-55853
SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...
EUVD-2017-11151
Malware in sbrugna...
EUVD-2024-2801
Malicious code in bioql PyPI...
CVE-2024-9283
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
GHSA-GJ3P-J74V-3X57 ReLaXed Cross-site Scripting vulnerability
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
ReLaXed Cross-site Scripting vulnerability
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
CVE-2024-9283
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...
CVE-2024-9283
CVE-2024-9283 affects RelaxedJS ReLaXed up to 0.2.2, with a vulnerability in the Pug to PDF Converter component that enables cross-site scripting. The issue is local in nature; exploitation requires local access, and the exploit has been disclosed publicly and may be used. Several connected sourc...
PT-2024-39541 · Unknown · Relaxedjs Relaxed
Name of the Vulnerable Software and Affected Versions: RelaxedJS ReLaXed versions up to 0.2.2 Description: A problematic issue has been found in the Pug to PDF Converter component, which can lead to cross-site scripting. The manipulation requires a local approach to execute an attack. The issue h...
ReLaXed cross-site scripting vulnerability
ReLaXed is an open source application from ReLaXed. PDF documents can be created interactively using HTML. A cross-site scripting vulnerability exists in ReLaXed 0.2.2 and earlier versions, which stems from an unknown feature of the Pug to PDF Converter component that causes cross-site scripting...
CVE-2023-50262
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or...
Malvertisers Using Google Ads to Target Users Searching for Popular Software
Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute...
USN-6277-2: Dompdf vulnerabilities
USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...
Dompdf code problem vulnerability
Dompdf is an open source HTML to PDF converter from Dompdf. Dompdf has a code problem vulnerability, which stems from the use of deserialization of untrusted data...
[SECURITY] [DLA 3495-1] php-dompdf security update
Debian LTS Advisory DLA-3495-1 https://www.debian.org/lts/security/ Bastien Roucariès July 13, 2023 https://wiki.debian.org/LTS -...
SUSE CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-23924
Dompdf 2.0.1 is vulnerable to URI validation bypass during SVG parsing. If an attacker provides an SVG containing a tag with uppercase letters, the parser may bypass protection and allow arbitrary URL calls via the phar wrapper. In PHP
CVE-2023-23924
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...