Lucene search
K

302 matches found

RedHat Linux
RedHat Linux
added 2025/07/01 8:50 p.m.4 views

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

6.5CVSS7.3AI score0.00466EPSS
Exploits0References5
OSV
OSV
added 2025/06/03 12:0 a.m.5 views

ALSA-2025:8421 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow CVE-2025-27832 For more details...

9.8CVSS8.2AI score0.00806EPSS
Exploits0References4
OSV
OSV
added 2025/05/28 7:45 p.m.6 views

MGASA-2025-0170 Updated ghostscript packages fix security vulnerabilities

gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708...

4CVSS4.8AI score0.00276EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:30 a.m.7 views

CVE-2024-45621

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents...

5.4CVSS5.6AI score0.00304EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.4 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

9.8CVSS6.9AI score0.01771EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/04/29 12:0 a.m.8 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : poppler vulnerabilities (USN-7471-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7471-1 advisory. It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacke...

4.3CVSS5.2AI score0.00097EPSS
Exploits0References2
OSV
OSV
added 2025/02/04 6:45 p.m.18 views

CVE-2025-24373 Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...

6.3CVSS6.6AI score0.00434EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/04 6:45 p.m.29 views

CVE-2025-24373 Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...

6.3CVSS0.00434EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.7 views

CPDF 安全漏洞

CPDF is a PDF command line tool from the individual developer John Whitington. A security vulnerability exists in CPDF 2.8 and earlier versions, which stems from allowing the use of a stack through a carefully crafted PDF document...

4CVSS6.7AI score0.00196EPSS
Exploits0References2
Fedora
Fedora
added 2024/11/06 2:44 a.m.13 views

[SECURITY] Fedora 39 Update: php-tcpdf-6.7.7-1.fc39

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.5CVSS7.7AI score0.01113EPSS
Exploits1
NVD
NVD
added 2024/10/31 7:15 a.m.21 views

CVE-2024-9430

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...

5.3CVSS0.0035EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/10/03 11:30 a.m.6 views

firefox: thunderbird: Cross-origin access to PDF contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...

7.5CVSS7.5AI score0.00394EPSS
Exploits0References8
NVD
NVD
added 2024/09/02 7:15 p.m.17 views

CVE-2024-45621

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents...

5.4CVSS0.00304EPSS
Exploits0References2
OSV
OSV
added 2024/09/02 12:0 a.m.11 views

CVE-2024-45621

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents...

5.4CVSS5.5AI score0.00304EPSS
Exploits0References4
CVE
CVE
added 2024/09/02 12:0 a.m.71 views

CVE-2024-45621

CVE-2024-45621 affects the Electron-based Rocket.Chat desktop app up to version 6.3.4. The issue is a stored XSS vulnerability caused by handling links in an uploaded file, tied to failing to use a separate browser for third-party external actions triggered from PDF documents. The connected docum...

5.4CVSS5.7AI score0.00304EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/02 12:0 a.m.25 views

CVE-2024-45621

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents...

0.00304EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/08/15 11:43 a.m.23 views

Russian-Linked Hackers Target Eastern European NGOs and Media

Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.5 views

i-librarian 跨站脚本漏洞

i-librarian is an online service from Martin Kucej Personal Developer that will organize your PDF files and office document collections. A cross-site scripting vulnerability exists in i-librarian versions prior to 5.11.1, which stems from PDF notes being displayed without any form of validation o...

4.6CVSS6.2AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2024/07/17 8:15 p.m.2 views

UBUNTU-CVE-2024-39126

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...

5.4CVSS5.8AI score0.00324EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/07/15 12:0 a.m.23 views

RHEL 8 : ghostscript (RHSA-2024:4537)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4537 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

8.8CVSS8.6AI score0.01425EPSS
Exploits0References4
Rows per page
Query Builder