EUVD-2012-1635

Malware in sbrugna...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +304 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: SNYK:JAVA-ORGAPACHETIKA-12238980...

CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

UBUNTU-CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

Malicious code in markdown-pdf-sedna-markdown-pdf-module (npm)

The package markdown-pdf-sedna-markdown-pdf-module was found to contain malicious code...

CVE-2025-53180

CVE-2025-53180 affects Huawei HarmonyOS PDF Preview module. A null pointer dereference in the PDF Preview component can impact functional stability. Documented vulnerable versions: HarmonyOS 5.0.1 and 5.1.0. Exploitation status and available patches are not detailed in the provided materials; mon...

CVE-2012-5007

The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdfmergepdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third...

CVE-2012-1625

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from a heap buffer overflow in the PDF module...

MGASA-2020-0226 Updated clamav packages fix security vulnerabilities

Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...

Null pointer dereference

The pdf14poptransparencygroup function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file...

VideoDB <= 2.2.1 (pdf.php) Remote File Include Exploit

1.漏洞分析 php define'FPDF', $config'pdfmodule';//这里可控 define'FPDFFONTPATH', FPDF.'/font/'; requireonce FPDF.'/fpdf.php'; //这里包含漏洞 requireonce './core/functions.php'; requireonce './engines/engines.php'; requireonce './core/VariableStream.class.php'; .... 2.漏洞利用...

Cross site scripting

Cross-site scripting XSS vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATHINFO...

CVE-2012-2084

The CVE-2012-2084 case affects Drupal’s Printer, email and PDF versions module (6.x-1.x before 6.x-1.15; 7.x-1.x before 7.x-1.0). The root cause is insufficient escaping of URL elements when rendering content, allowing remote attackers to inject arbitrary scripts/HTML (XSS) via likely PATH_INFO v...

CVE-2012-2084

Cross-site scripting XSS vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATHINFO...

CVE-2012-1625

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

CVE-2012-5007

The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdfmergepdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third...

Design/Logic Flaw

The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdfmergepdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third...

Sql injection

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...