1052 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-43718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a...
EUVD-2024-52658
Malicious code in bioql PyPI...
EUVD-2025-7510
Malicious code in bioql PyPI...
EUVD-2025-8091
Malicious code in bioql PyPI...
CVE-2025-43718
CVE-2025-43718 affects Poppler 24.06.1 through 25.x before 25.04.0, where deeply nested PHP/PDF metadata parsing structures can trigger uncontrolled recursion in the regex executor, causing stack exhaustion and a SIGSEGV. The issue involves PDF metadata handling paths such as Dict::lookup and Cat...
Linux Distros Unpatched Vulnerability : CVE-2023-6299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file...
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft aka APT37 to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target...
Linux Distros Unpatched Vulnerability : CVE-2020-9359
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. (CVE-2020-9359) Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2017-7379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based...
XML External Entity (XXE) Injection
Overview: org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. An attacker can access sensitive...
CVE-2024-4327
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2023-41257
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
CVE-2022-29851
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document...
CVE-2020-10222
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::getproperty+2381 via a crafted PDF document...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
CVE-2020-26536
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...
CVE-2015-8580
Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document...
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...
CVE-2012-4914
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream...
CVE-2011-4220
Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document...