Lucene search
K

44 matches found

OSV
OSV
added 2026/04/17 1:17 a.m.2 views

DEBIAN-CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

5.3CVSS5.5AI score0.00423EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 1:17 a.m.7 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS0.00423EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/16 11:18 p.m.7 views

CVE-2026-40260 pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS5.6AI score0.00423EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:18 p.m.3 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/10 8:59 p.m.2 views

XML Entity Expansion

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 12:31 p.m.5 views

EUVD-2026-17851

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00257EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/01 10:0 a.m.31 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS0.00257EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:0 a.m.2 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00257EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/01 10:0 a.m.8 views

CVE-2026-1879

CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...

6.5CVSS6.2AI score0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29508

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS5.5AI score0.00257EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/01/13 7:16 p.m.9 views

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

10CVSS0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 8:2 a.m.10 views

CVE-2025-9571

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

8.7CVSS8.5AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 12:33 p.m.8 views

CVE-2025-66056

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through 6.10.0...

4.3CVSS6.8AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 1:15 p.m.4 views

CVE-2025-66056

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through 6.10.0...

4.3CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 12:29 p.m.13 views

CVE-2025-66056

The CVE CVE-2025-66056 (WordPress Uncanny Automator plugin) is a real vulnerability affecting Uncanny Automator versions before 6.10.0. It enables exposure of embedded sensitive data to unauthorized controllers, per multiple sources (NVD/NVD-affiliates/Red Hat, CVE lists, and patch records). The ...

4.3CVSS6.5AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/11/13 8:15 p.m.3 views

CVE-2025-46362

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering...

5.5CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/13 7:41 p.m.3 views

CVE-2025-46369

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...

7.8CVSS6.1AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.6 views

ZendTo 安全漏洞

ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an os command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...

7.5CVSS7.7AI score0.01863EPSS
Exploits0References4
OSV
OSV
added 2025/02/27 3:15 a.m.5 views

DEBIAN-CVE-2024-49570

In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TPprintk UAF The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TPprintk format" exposes potential UAFs in the xebomove trace event. Fix those by avoiding...

7.8CVSS5.8AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder