Lucene search
K

12 matches found

EUVD
EUVD
added 2026/02/28 2:46 a.m.6 views

EUVD-2026-9070

pypdf: Manipulated RunLengthDecode streams can exhaust RAM...

6.9CVSS5.9AI score0.00423EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/28 2:46 a.m.13 views

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/27 8:59 p.m.5 views

CVE-2026-28351 Manipulated RunLengthDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/11 7:45 p.m.6 views

CVE-2026-1774

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

9.8CVSS5.4AI score0.00624EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 3:38 p.m.14 views

CVE-2026-1774

CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...

9.8CVSS5.4AI score0.00624EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.13 views

CVE-2022-26748

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7AI score0.01371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 9:32 a.m.3 views

CVE-2025-66675 Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...

6.5AI score0.00517EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.7 views

CVE-2025-67572

Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...

5.3CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.15 views

CVE-2025-67572

CVE-2025-67572 affects the PenNews WordPress theme (PenNews) prior to version 6.7.4, due to Missing/Incorrect Authorization in access controls. The issue enables unauthorized access due to misconfigured security levels. Reported in multiple sources (Wordfence, Patchstack, CVE records) with a CVSS...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.25 views

CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...

5.3CVSS0.00222EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/05 4:54 a.m.5 views

Malicious code in coldbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8841e2d0dbc754df7eb19a7b42426c538506e0fc7412d08422bbd8f2cf983d73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2021/02/15 5:15 p.m.8 views

AZL-6437 CVE-2021-27218 affecting package glib for versions less than 2.60.1-5

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...

7.5CVSS7AI score0.0408EPSS
Exploits0References1
Rows per page
Query Builder