CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

GithubExploit•added 2026/03/18 9:59 a.m.•114 views

Exploit for CVE-2026-26801

pdfmake SSRF Vulnerability PoC Vulnerability Summary | Fi...

7.5CVSS5.8AI score0.00029EPSS

Exploits2

RedhatCVE•added 2026/03/11 7:8 a.m.•2 views

CVE-2026-26801

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00029EPSS

Exploits2References1

vulnersOsv•added 2026/03/10 9:32 p.m.•3 views

@apxc/node-red-contrib-apxc-pdfmake (>=0.0.1 <=0.0.2), @aryanbv/pdf-toolkit-mcp (>=0.2.0 <=0.2.4) +40 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.8)

pdfmake NPM version =0.3.0-beta.2, =0.0.1, =0.2.0, =2.6.0, =0.0.1, =1.0.14, =3.7.4, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.2.0, =0.1.0, =1.0.0, =2.0.2, =6.0.0 - @prt-ts/pdf-json-helpers =5.0.0 and more Source cves: CVE-2026-26801 Source advisory: SNYK:JS-PDFMAKE-15467449...

7.5CVSS5.8AI score0.00029EPSS

Exploits2

Snyk•added 2026/03/10 9:32 p.m.•2 views

Server-side Request Forgery (SSRF)

Overview org.webjars.npm:pdfmake is a Client/server side PDF printing in pure JavaScript Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or...

8.7CVSS5.8AI score0.00029EPSS

Exploits2References2

EUVD•added 2026/03/10 9:32 p.m.•0 views

EUVD-2026-10757

7.5CVSS5.8AI score0.00029EPSS

Exploits2References5

vulnersOsv•added 2026/03/10 9:32 p.m.•4 views

@ind-rcg/generator (>=262.1002.0-beta.2 <=264.1004.0-beta.1), @ind-rcg/modeler-sfdx-cli-plugin (>=262.1002.0-beta.4 <=264.1004.0-beta.4) +2 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.2)

pdfmake NPM version =0.3.0-beta.2, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.0.0, =2.2.0 Source cves: CVE-2026-26801 Source advisory: OSV:GHSA-WP52-R2FP-4VMR...

7.5CVSS5.8AI score0.00029EPSS

Exploits2

OSV•added 2026/03/10 9:32 p.m.•0 views

GHSA-WP52-R2FP-4VMR pdfmake is vulnerable to server-side request forgery (SSRF)

7.5CVSS5.9AI score0.00029EPSS

Exploits2References6

EUVD•added 2026/03/10 9:32 p.m.•0 views

EUVD-2026-10756

7.5CVSS5.8AI score0.00029EPSS

Exploits2References5

Snyk•added 2026/03/10 9:32 p.m.•2 views

Server-side Request Forgery (SSRF)

Overview pdfmake is a Client/server side PDF printing in pure JavaScript Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or external resources...

8.7CVSS5.8AI score0.00029EPSS

Exploits2References2

Github Security Blog•added 2026/03/10 9:32 p.m.•1 views

pdfmake is vulnerable to server-side request forgery (SSRF)

7.5CVSS5.8AI score0.00029EPSS

Exploits2References7Affected Software1

OSV•added 2026/03/10 7:17 p.m.•0 views

CVE-2026-26801

7.5CVSS5.9AI score0.00029EPSS

Exploits2References5

NVD•added 2026/03/10 7:17 p.m.•1 views

CVE-2026-26801

7.5CVSS0.00029EPSS

Exploits2References5

CVE•added 2026/03/10 12:0 a.m.•7 views

CVE-2026-26801

CVE-2026-26801 describes a Server-Side Request Forgery (SSRF) in pdfmake versions 0.3.0-beta.2 through 0.3.5, exploitable via the src/URLResolver.js component. The underlying issue is that server-side requests could access arbitrary URLs. The fix is in version 0.3.6, which introduces setUrlAccess...

7.5CVSS5.8AI score0.00029EPSS

Exploits2References5Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•0 views

PT-2026-24364

Name of the Vulnerable Software and Affected Versions pdfmake versions 0.3.0-beta.2 through 0.3.5 Description A Server-Side Request Forgery SSRF issue exists in the src/URLResolver.js component of pdfmake. This allows a remote attacker to potentially obtain sensitive information. The issue was...

7.5CVSS5.8AI score0.00029EPSS

Exploits2References11

ATTACKERKB•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-26801

5.8AI score0.00029EPSS

Exploits2References5

Cvelist•added 2026/03/10 12:0 a.m.•23 views

CVE-2026-26801

0.00029EPSS

Exploits2References5

Vulnrichment•added 2026/03/10 12:0 a.m.•0 views

CVE-2026-26801

5.8AI score0.00029EPSS

Exploits2References5

CNNVD•added 2026/03/10 12:0 a.m.•5 views

pdfmake 安全漏洞

pdfmake is a pure JavaScript server-side and client-side PDF document generation library developed by Bartek Pampuch. There were security vulnerabilities in the version 0.3.0-beta.2 to 0.3.5 of pdfmake, which stemmed from the src/URLResolver.js component’s server-side request forgery vulnerabilit...

7.5CVSS5.8AI score0.00029EPSS

Exploits2References5

IBM Security Bulletins•added 2025/11/28 7:8 p.m.•6 views

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

8.7CVSS6.6AI score0.00063EPSS

Exploits0Affected Software1

Veracode•added 2025/11/24 8:49 a.m.•3 views

Allocation Of Resources Without Limits Or Throttling

pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...

8.7CVSS7AI score0.00063EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by