Lucene search
+L

498 matches found

nvd
nvd
added 3 days ago7 views

CVE-2026-14906

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4...

5.3CVSS0.00177EPSS
Exploits0References2
cve
cve
added 3 days ago19 views

CVE-2026-14906

The vulnerability CVE-2026-14906 affects Firefox for iOS. Pages with malicious titles could cause saved webpages-as-PDF content to overwrite existing PDF files or bundled content within the Firefox for iOS app sandbox. Affected component is the PDF-saving process; root cause details are not expli...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/07/08 7:36 a.m.13 views

CVE-2026-13129

CVE-2026-13129 affects Foxit PDF Editor/Reader (Annotation feature). The issue is a use-after-free in the handling of the PDF form field tree triggered by JavaScript during field traversal, which can leave the program with an invalid form object and lead to a crash, with potential remote code exe...

7.8CVSS6AI score0.00116EPSS
Exploits0References1Affected Software2
nessus
nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium...

6.5CVSS6.2AI score0.00202EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/01 8:45 p.m.7 views

CVE-2026-57204

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to uncontrolled resource consumption and large memory usage. This occurs because the library sometimes ignores defined limits for stre...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References5
nvd
nvd
added 2026/06/30 10:16 p.m.10 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS0.00206EPSS
Exploits0References2
cve
cve
added 2026/06/30 9:59 p.m.21 views

CVE-2026-57204

CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...

6.9CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

A cryptographic flaw in PDFium in Google Chrome prior to version 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs through a brute-force attack. Chromium security severity: Medium...

4.3CVSS6.9AI score0.00102EPSS
Exploits0References3
nessus
nessus
added 2026/06/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

6.9CVSS6AI score0.00123EPSS
Exploits0References3
nessus
nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)

The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
gitlab
gitlab
added 2026/06/16 12:0 a.m.12 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...

9.2CVSS5.3AI score0.00276EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/06/13 12:34 a.m.13 views

EUVD-2025-210135

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76...

7.8CVSS5.6AI score0.00122EPSS
Exploits0References2
euvd
euvd
added 2026/06/13 12:34 a.m.10 views

EUVD-2025-210123

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

7.8CVSS5.6AI score0.00131EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.19 views

Snappy 代码问题漏洞

Snappy is a PHP library developed by KNP Labs’ individual developers. It allows for the generation of thumbnails, snapshots, or PDFs from URLs or HTML pages. Versions of Snappy prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from the xsl-style-sheet option, which coul...

6.9CVSS5.5AI score0.00249EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.12 views

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

7.5CVSS5.5AI score0.00428EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/04 11:3 p.m.10 views

CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.2AI score0.0036EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.8 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of PDF components after their release, potentially allowing remote attackers to execute arbitrary code ...

8.8CVSS6AI score0.0036EPSS
Exploits0References3
osv
osv
added 2026/06/01 5:16 p.m.14 views

UBUNTU-CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6AI score0.00252EPSS
Exploits0References4
cve
cve
added 2026/06/01 3:33 p.m.56 views

CVE-2026-10118

CVE-2026-10118 – Poppler Splash backend integer overflow : The vulnerability affects Poppler’s Splash backend, in the tilingPatternFill path, where crafted PDFs can trigger an integer overflow that yields an undersized heap allocation, enabling an out-of-bounds write. This can lead to arbitrary c...

7.8CVSS6AI score0.00252EPSS
Exploits0References21
snyk
snyk
added 2026/06/01 3:25 p.m.27 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the tilingPatternFill function. An attacker can execute arbitrary code, disclose sensitive information, or cause a denial of service by supplying a specially crafted PDF file to an application that...

8.4CVSS5.5AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder