
11 matches found

ATTACKERKB
added 2026/04/04 8:25 a.m. (3 views)

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

6.4 CVSS | 6.1 AI score | 0.00159 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/03/07 12:0 a.m. (5 views)

Linux Distros Unpatched Vulnerability : CVE-2026-28804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long...

6.9 CVSS | 5.7 AI score | 0.00399 EPSS
Exploits 0 | References 3

NVD
added 2026/03/06 7:16 a.m. (12 views)

CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

6.9 CVSS | 0.00399 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/03/06 6:46 a.m. (4 views)

CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

6.9 CVSS | 5.7 AI score | 0.00399 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/03/06 6:46 a.m. (33 views)

CVE-2026-28804

CVE-2026-28804 affects pypdf prior to 6.7.5. A crafted PDF that uses the /ASCIIHexDecode filter can cause long runtimes (DoS) when decoding streams. This vulnerability is resolved by upgrading to pypdf 6.7.5 or later, as noted in multiple sources (NVD/NIST entry, IBM Watson Discovery Cartridge ad...

6.9 CVSS | 5.8 AI score | 0.00399 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2026/03/06 12:0 a.m. (5 views)

pypdf Security Vulnerability

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.7.5, pypdf had a security vulnerability. This vulnerability stemmed from the use of the /ASCIIHexDecode filter when accessing...

6.9 CVSS | 5.9 AI score | 0.00399 EPSS
Exploits 0 | References 4

Patchstack
added 2025/10/27 5:13 a.m. (11 views)

WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Consulting versions 6.7.5...

7.5 CVSS | 7 AI score | 0.00381 EPSS
Exploits 0 | Affected Software 1

OSV
added 2022/08/05 5:15 p.m. (4 views)

CVE-2022-2675

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 using firmware version 0.1.35 can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1...

6.5 CVSS | 5.8 AI score | 0.00455 EPSS
Exploits 0 | References 3

Positive Technologies
added 2021/01/01 12:0 a.m. (13 views)

PT-2021-3164

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.x before 2.6.7.5 Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...

9.3 CVSS | 6.8 AI score | 0.20929 EPSS
Exploits 11 | References 44

OSV
added 2018/12/07 9:29 p.m. (3 views)

CVE-2018-7066

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the...

9 CVSS | 6.1 AI score | 0.03483 EPSS
Exploits 0 | References 1

CNVD
added 2016/09/21 12:0 a.m. (3 views)

b2evolution HTML Injection Vulnerability

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An HTML injection vulnerability exists in b2evolution 6.7.5 and earlier versions, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...

6.1 CVSS | 7.7 AI score | 0.01239 EPSS
Exploits 0 | References 1