Lucene search
+L

1067 matches found

vulnrichment
vulnrichment
added 2025/03/09 4:0 p.m.6 views

CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

5.3CVSS7.3AI score0.0032EPSS
Exploits0References4
cvelist
cvelist
added 2025/03/09 4:0 p.m.37 views

CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

5.3CVSS0.0032EPSS
Exploits0References4
cve
cve
added 2025/03/09 4:0 p.m.69 views

CVE-2025-2125

CVE-2025-2125 affects Control iD RH iD 25.2.25.0, specifically the PDF Document Handler. The vulnerability lies in the handling of the parameter nsr for the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1, causing improper control of resource identifiers. The issue is exploitable remote...

5.3CVSS4.9AI score0.0032EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2025/02/08 4:41 a.m.15 views

CVE-2025-24373

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...

6.5CVSS6.5AI score0.00434EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 4:12 a.m.14 views

CVE-2021-40420

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

8.8CVSS7.1AI score0.04687EPSS
Exploits1
redhatcve
redhatcve
added 2025/02/05 1:46 p.m.12 views

CVE-2020-13548

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting...

8.8CVSS7.2AI score0.66678EPSS
Exploits1
vulnrichment
vulnrichment
added 2025/02/04 6:45 p.m.10 views

CVE-2025-24373 Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...

6.3CVSS6.3AI score0.00434EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/08 12:0 a.m.12 views

CVE-2024-54731

cpdf through 2.8 allows stack consumption via a crafted PDF document...

4CVSS0.00196EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/08 12:0 a.m.5 views

PT-2025-3066 · Cpdf · Cpdf

Name of the Vulnerable Software and Affected Versions: cpdf versions 2.8 and earlier Description: The issue allows stack consumption via a crafted PDF document. This can be achieved through a manipulated PDF document. Recommendations: For versions 2.8 and earlier, consider updating to a version...

4CVSS7.1AI score0.00196EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/01/08 12:0 a.m.6 views

CVE-2024-54731

cpdf through 2.8 allows stack consumption via a crafted PDF document...

4CVSS6.8AI score0.00196EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/05 1:56 p.m.31 views

CVE-2024-52271 PDF Document Spoofing in Documenso

User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...

8.2CVSS0.00208EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/12/05 10:55 a.m.21 views

CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...

8.2CVSS6.9AI score0.00191EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/11/13 3:42 p.m.14 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

7.5CVSS7.4AI score0.0066EPSS
Exploits1References1
talos
talos
added 2024/10/02 12:0 a.m.18 views

Foxit Reader checkbox Calculate use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...

8.8CVSS8.1AI score0.01917EPSS
Exploits1
thn
thn
added 2024/08/21 11:0 a.m.32 views

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...

7.1AI score
Exploits0
talos
talos
added 2024/08/13 12:0 a.m.21 views

Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...

7.8CVSS8.1AI score0.0455EPSS
Exploits0
pypa
pypa
added 2024/07/17 8:15 p.m.7 views

PYSEC-2024-65

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...

5.4CVSS6.4AI score0.00324EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/05/14 4:17 p.m.17 views

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...

5.9CVSS6.7AI score0.00454EPSS
Exploits0References2
cve
cve
added 2024/05/14 1:30 p.m.54 views

CVE-2024-33864

The CVE-2024-33864 entry covers a vulnerability in linqi prior to 1.4.0.1 on Windows that enables SSRF via Document template generation, including the use of remote images during process creation, file inclusion, and PDF document generation through malicious JavaScript. Affected component behavio...

5.9CVSS7AI score0.00454EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2024/04/30 3:15 p.m.18 views

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS8.9AI score0.15639EPSS
Exploits1References2
Rows per page
Query Builder