Lucene search
K

28048 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53269

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...

7.1CVSS6AI score0.00148EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.7 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:35 p.m.6 views

MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 1:59 a.m.39 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS0.00254EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 5:24 p.m.4 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS7.3AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 5:24 p.m.6 views

Important: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.8CVSS7.2AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 p.m.9 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.9 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:32 p.m.29 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:32 p.m.4 views

EUVD-2026-39425

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:29 p.m.32 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:29 p.m.6 views

EUVD-2026-39420

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS5.9AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

AlmaLinux 8 : evince (ALSA-2026:28998)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.8 views

CVE-2026-54651

A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...

8.8CVSS7AI score0.00417EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.4 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.7 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:3 p.m.9 views

evince security update

An update is available for evince. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evince packages provide a simple multi-page document viewer for Portable...

8.4CVSS5.9AI score0.00529EPSS
Exploits0
Rows per page
Query Builder