28048 matches found
PT-2026-53269
Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...
Malicious code in pdf-converter-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...
MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...
CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...
Important: Red Hat Security Advisory: poppler security update
An update for poppler is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
CVE-2026-57535
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
CVE-2026-57532
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...
CVE-2026-57532
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...
EUVD-2026-39425
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...
CVE-2026-57535
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
EUVD-2026-39420
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
AlmaLinux 8 : evince (ALSA-2026:28998)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...
CVE-2026-54651
A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...
Astra Linux – Vulnerability in Chromium
The use of “after free” in PDFs in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
Important: Red Hat Security Advisory: evince security update
An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
evince security update
An update is available for evince. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evince packages provide a simple multi-page document viewer for Portable...