Stirling-PDF 跨站脚本漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Version 2.7.3 of Stirling-PDF contains a cross-site scripting vulnerability. This vulnerability stems from the /api/v1/convert/eml/pdf endpoint parameter with...

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...