CVE-2026-33321
OpenEMR is affected by CVE-2026-33321 due to an Out-of-Band Server-Side Request Forgery (OOB SSRF) in the PDF creation function. Before 8.0.0.2, users with the “Notes - my encounters” role could fill Eye Exam forms; the form answers are parsed as unescaped HTML when generating PDFs, enabling the ...
CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
EUVD-2026-13164
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
OpenEMR Code Issue Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained code...
OpenEMR Security Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...
EUVD-2025-203957
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows...
EUVD-2024-0798
Malicious code in bioql PyPI...
Missing Authentication for Critical Function
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the api/v1/utils/pdf endpoint. An attacker can exhaust server resources and cause a denial of service by sending a POST request with an excessively large...
CVE-2024-47580
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
BADPDF Malicious PDF Creator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BADPDF Malicious PDF Creator', 'Description' = ' This module can either creates a blank PDF file which contains a UNC link which can be used to...
CVE-2024-42374
CVE-2024-42374 affects the SAP BEx Web Java Runtime Export Web Service. The issue is insufficient validation of an XML document from an untrusted source, enabling an attacker to retrieve information from the SAP ADS system and exhaust the XMLForm service, which makes SAP ADS rendering (PDF creati...
CVE-2024-42374 XML injection in SAP BEx Web Java Runtime Export Web Service
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS rendering PDF creation unavailable. This affects...
Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-3ec8272e72)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: rubygem-pdfkit-0.8.7-1.fc36
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
TCPDF 6.2.19 Deserialization / Remote Code Execution
CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it is a nice feature to have for the developer, it may cause problems in case the PDF creation script is vulnerable to...
Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...
Domain Analyzer
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
Foxit Reader 7.0.6.1126 Unquoted Service Path Elevation Of Privilege Vendor: Foxit Software Incorporated Product web page: http://www.foxitsoftware.com Affected version: 7.0.6.1126 and 6.1 Summary: Foxit Reader is a small, lightning fast, and feature rich PDF viewer which allows you to create...
Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability
No description provided by source. ----------------------------------------------------------------------------------------- Joomla Component comquickfaq BSQL-i Vulnerability ----------------------------------------------------------------------------------------- +Title Joomla Component...
Joomla Component com_quickfaq Blind SQL Injection Vulnerability
Exploit for php platform in category web applications =============================================================== Joomla Component comquickfaq Blind SQL Injection Vulnerability ===============================================================...