1067 matches found
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125
CVE-2025-2125 affects Control iD RH iD 25.2.25.0, specifically the PDF Document Handler. The vulnerability lies in the handling of the parameter nsr for the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1, causing improper control of resource identifiers. The issue is exploitable remote...
CVE-2025-24373
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...
CVE-2021-40420
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...
CVE-2020-13548
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting...
CVE-2025-24373 Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...
CVE-2024-54731
cpdf through 2.8 allows stack consumption via a crafted PDF document...
PT-2025-3066 · Cpdf · Cpdf
Name of the Vulnerable Software and Affected Versions: cpdf versions 2.8 and earlier Description: The issue allows stack consumption via a crafted PDF document. This can be achieved through a manipulated PDF document. Recommendations: For versions 2.8 and earlier, consider updating to a version...
CVE-2024-54731
cpdf through 2.8 allows stack consumption via a crafted PDF document...
CVE-2024-52271 PDF Document Spoofing in Documenso
User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...
CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)
User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...
CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...
Foxit Reader checkbox Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...
New macOS Malware TodoSwift Linked to North Korean Hacking Groups
Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...
Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...
PYSEC-2024-65
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
CVE-2024-33864
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...
CVE-2024-33864
The CVE-2024-33864 entry covers a vulnerability in linqi prior to 1.4.0.1 on Windows that enables SSRF via Document template generation, including the use of remote images during process creation, file inclusion, and PDF document generation through malicious JavaScript. Affected component behavio...
CVE-2024-25938
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...