Lucene search
K

31801 matches found

Nuclei
Nuclei
added 9 hours ago70 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.1AI score0.04736EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-56366

A flaw was found in ImageMagick. This vulnerability, categorized as a memory leak CWE-401, occurs in the META reader when processing APP1JPEG input paths. A remote attacker could exploit this by providing specially crafted APP1JPEG image files. Successful exploitation leads to resource exhaustion...

4.8CVSS6AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 3 days ago7 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-56366

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

4.8CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42888

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

4.8CVSS6.1AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 3 days ago5 views

CVE-2026-56366

CVE-2026-56366 affects ImageMagick before 7.1.2-18. The vulnerability is a memory leak in the META reader when processing APP1JPEG input paths, which can be triggered by specially crafted APP1JPEG images and may lead to denial of service via resource exhaustion. Connected sources confirm the affe...

4.8CVSS6.1AI score0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-15062

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK snowpark-python versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database...

9.6CVSS0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-13126 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-13128 Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-13129 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-57242 Foxit PDF Editor/Reader Page Use-After-Free Vulnerability

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-57243 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-57243

CVE-2026-57243 affects Foxit PDF Editor/Reader. A JavaScript reentrancy during page opening and form formatting leads to an inconsistent document status and, with outdated page information, the application accesses invalid addresses, causing a crash. Current details describe the vulnerable operat...

6.1CVSS6AI score0.00107EPSS
Exploits0References1Affected Software2
CVE
CVE
added 5 days ago11 views

CVE-2026-57248

The CVE-2026-57248 entry concerns Foxit PDF Editor/Reader where opening a PDF and performing JavaScript to write annotation attributes can bypass object type/argument checks, corrupting the internal annotation structure and causing a crash on release. This is described as a local, user-interactio...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57254 Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-57254

CVE-2026-57254 affects Foxit PDF Editor/Reader and is a type confusion vulnerability in PDF annotations that are referenced by other objects. The flaw occurs when the application parses the PDF without proper type checking, which can cause the application to crash. From the provided metrics, the ...

7.8CVSS6AI score0.00116EPSS
Exploits0References1Affected Software2
CVE
CVE
added 5 days ago13 views

CVE-2026-57255

CVE-2026-57255 affects Foxit PDF Editor/Reader. A PDF with an abnormal color space contains attributes referencing a semantically malformed function; the function’s output isn’t validated, leading to an illegal pointer read that accesses an out-of-bounds region and crashes the application. The de...

6.1CVSS6AI score0.00107EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-57237 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57256 Foxit Editor/Reader List Box Format Use-After-Free Vulnerability

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS0.00118EPSS
Exploits0References1
Rows per page
Query Builder