75 matches found

Debian CVE
added 3 days ago, 3 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00263
Exploits: 0

Tenable Nessus
added 2026/06/23 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00111
Exploits: 0, References: 3

OSV
added 2026/06/22 9:16 p.m., 4 views

DEBIAN-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 1

OSV
added 2026/06/22 9:16 p.m., 3 views

DEBIAN-CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 1

NVD
added 2026/06/22 9:16 p.m., 10 views

CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

CVSS: 6.9, EPSS: 0.00123
Exploits: 0, References: 3

OSV
added 2026/06/22 9:16 p.m., 4 views

UBUNTU-CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00111
Exploits: 0, References: 5

OSV
added 2026/06/22 9:16 p.m., 3 views

UBUNTU-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 5

Cvelist
added 2026/06/22 8:28 p.m., 24 views

CVE-2026-54651 pypdf: Possible infinite loop when processing threads/articles in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

CVSS: 6.9, EPSS: 0.00111
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/22 8:26 p.m., 6 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/06/22 8:26 p.m., 23 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVSS: 6.9, EPSS: 0.00123
Exploits: 0, References: 3

Debian CVE
added 2026/06/22 8:25 p.m., 6 views

CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00123
Exploits: 0

OSV
added 2026/06/18 2:28 p.m., 6 views

GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits

Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches: This has been fixed in pypdf==6.13.3. Workarounds: If you cannot upgrade yet,...

CVSS: 6.9, AI score: 5.3
Exploits: 0, References: 4

Github Security Blog
added 2026/06/16 2:05 p.m., 20 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches: This has been fixed in pypdf==6.13.0. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 3830...

CVSS: 6.9, AI score: 5.2, EPSS: 0.00123
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2026/06/16 2:05 p.m., 8 views

Infinite loop

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Infinite loop via font retrieval. An attacker can cause the application to enter an infinite loop by crafting a specially...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00123
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:33 p.m., 9 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00228
Exploits: 1, References: 1

Cvelist
added 2026/05/26 4:02 p.m., 42 views

CVE-2026-44314 Traccar: Missing edit authorization on device image upload allows read-only users to write files

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

CVSS: 5.3, EPSS: 0.00185
Exploits: 0, References: 1

Positive Technologies
added 2026/05/26 12:00 a.m., 12 views

PT-2026-43299

Name of the Vulnerable Software and Affected Versions: Traccar versions prior to 6.13.0. Description: An authorization bypass exists in the GPS tracking system where the 'DeviceResource.uploadImage' endpoint fails to invoke the permissionsService.checkEdit function. While the system uses...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00185
Exploits: 0, References: 3

Snyk
added 2026/05/05 3:34 p.m., 9 views

CSV Injection

Overview: Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00228
Exploits: 1, References: 2

NVD
added 2026/05/05 1:16 p.m., 8 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

CVSS: 6.5, EPSS: 0.00228
Exploits: 1, References: 2

CVE
added 2026/05/05 12:20 p.m., 24 views

CVE-2026-27694

Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00162
Exploits: 1, References: 1, Affected Software: 1