12 matches found
EUVD-2026-9070
pypdf: Manipulated RunLengthDecode streams can exhaust RAM...
pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...
CVE-2026-28351 Manipulated RunLengthDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...
CVE-2026-1774
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...
CVE-2026-1774
CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...
CVE-2022-26748
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2025-66675 Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...
CVE-2025-67572
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...
CVE-2025-67572
CVE-2025-67572 affects the PenNews WordPress theme (PenNews) prior to version 6.7.4, due to Missing/Incorrect Authorization in access controls. The issue enables unauthorized access due to misconfigured security levels. Reported in multiple sources (Wordfence, Patchstack, CVE records) with a CVSS...
CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...
Malicious code in coldbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8841e2d0dbc754df7eb19a7b42426c538506e0fc7412d08422bbd8f2cf983d73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-6437 CVE-2021-27218 affecting package glib for versions less than 2.60.1-5
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...