Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/07/12 7:24 p.m.14 views

CVE-2025-53626

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

6.1CVSS6.4AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2025/07/10 7:15 p.m.5 views

CVE-2025-53626

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

6.1CVSS0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/10 6:49 p.m.12 views

CVE-2025-53626 pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

6.1CVSS0.00289EPSS
Exploits0References2
CVE
CVE
added 2025/07/10 6:49 p.m.26 views

CVE-2025-53626

CVE-2025-53626 affects pdfme (TypeScript/React) and its expression evaluation feature. Reported vulnerabilities in versions 5.2.0–5.4.0 allow sandbox escape enabling XSS and prototype pollution. The issues are mitigated in version 5.4.1. By exploiting the expression evaluator, an attacker could b...

6.1CVSS6AI score0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/10 6:49 p.m.2 views

CVE-2025-53626 pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

6.1CVSS6AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2025/07/10 6:49 p.m.8 views

CVE-2025-53626 pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

6.1CVSS6.4AI score0.00289EPSS
Exploits0References4
Rows per page
Query Builder