Lucene search
K

371 matches found

CVE
CVE
added 6 days ago9 views

CVE-2026-59937

CVE-2026-59937 affects the Python PDF library pypdf prior to 6.14.0. A crafted PDF with repeated malformed cross-reference streams can cause pypdf to spend long runtimes recovering broken cross-reference table entries, resulting in high impact on availability. The issue is fixed in version 6.14.0...

7.5CVSS6AI score0.00345EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59937 pypdf: Possible long runtimes for repeated malformed cross-reference entries

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

6.9CVSS0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago14 views

PT-2026-56527

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.0 Description An attacker can craft a PDF containing repeated malformed cross-reference streams. This causes the library to spend excessive runtimes attempting to recover broken cross-reference table entries, leadi...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51516

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 9:16 p.m.9 views

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

DEBIAN-CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

UBUNTU-CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/22 8:28 p.m.6 views

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.8AI score0.00117EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:28 p.m.2 views

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:28 p.m.25 views

CVE-2026-49460 pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 8:28 p.m.22 views

CVE-2026-49460

CVE-2026-49460 affects the Python PDF library pypdf . Prior to version 6.12.2 , processing a PDF that uses a stream with the /FlateDecode filter and a PNG predictor can cause unusually long runtimes. The issue is fixed in 6.12.2 . Impact, in line with the sources, is a denial of service-like slow...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:46 p.m.10 views

pypdf: Inefficient decoding of FlateDecode PNG predictor streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying the changes...

5.1CVSS5.2AI score0.00117EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/16 1:46 p.m.6 views

GHSA-5HGR-HG42-57JG pypdf: Inefficient decoding of FlateDecode PNG predictor streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying the changes...

5.1CVSS5.3AI score0.00117EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49729

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description An attacker can craft a PDF file that results in long runtimes. This occurs when accessing a stream that utilizes the /FlateDecode filter with a PNG predictor. Recommendations Update to version 6.12.2...

5.1CVSS5.9AI score0.00117EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 6:29 p.m.17 views

EUVD-2026-32913

pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams...

5.1CVSS5.1AI score0.00124EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 6:29 p.m.9 views

GHSA-248M-82V9-Q6G6 pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

5.1CVSS5.2AI score0.00124EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 7:13 p.m.16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability...

9.8CVSS6.3AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 7:8 p.m.12 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

9CVSS6.3AI score0.00508EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 7:2 p.m.9 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9CVSS6.3AI score0.00458EPSS
Exploits0Affected Software1
Rows per page
Query Builder