Lucene search
K

1067 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-57254

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-57245

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago10 views

CVE-2026-13127

The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-57242

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42204

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42193

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-57256

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS6AI score0.00118EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/02 2:3 p.m.6 views

EUVD-2026-41375

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.5 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.8 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.9 views

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

5.5CVSS5.7AI score0.00113EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 9:34 a.m.7 views

GHSA-26GG-9GV2-V27J Spring AI Vulnerable to OOM by attacker-controlled PDF

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/28 9:34 a.m.7 views

ai.telosforge:kimaira-starter-etl (>=1.2.4 <=1.2.6), cn.echoparrot:echoparrot-application (=25.4.0) +12 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.1.0 <=1.1.2)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.1.0, =1.2.4, =25.4.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =.30.0.rc1, =.30.0.rc1, =.30.0.rc1, =3.30.0.rc16 Source cves: CVE-2026-40980 Source advisory: OSV:GHSA-26GG-9GV2-V27J...

6.5CVSS5.7AI score0.0024EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.10 views

com.alibaba.cloud.ai:document-parser-apache-pdfbox (>=1.0.0-M5.1 <=1.0.0-M6.1), com.alibaba.cloud.ai:document-parser-bibtex (>=1.0.0-M5.1 <=1.0.0-M6.1) +19 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.0.0-M5 <=1.0.1)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.0.0-M5, =1.0.0-M5.1, =1.0.0-M5.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.6 - com.chinagoods.framework.thinkc...

6.5CVSS5.8AI score0.0024EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29436

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 4:16 a.m.5 views

CVE-2026-4308

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handlepdfdocument of the file python/helpers/documentquery.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5CVSS0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25872

🚨 CVE-2026-4308 A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle pdf document of the file python/helpers/document query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References11
Snyk
Snyk
added 2026/02/02 6:29 p.m.4 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState functions. An attacker can execute arbitrary...

9.3CVSS6.2AI score0.00532EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.8 views

CVE-2021-31463

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS5.5AI score0.02018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.9 views

CVE-2024-39126

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...

5.4CVSS5.7AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder