112 matches found

Cvelist
added 2026/06/23 5:21 p.m. | 32 views

CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

CVSS 7.1 | EPSS 0.00316
Exploits: 1 | References: 4

ATTACKERKB
added 2026/06/23 5:21 p.m. | 4 views

CVE-2025-71382

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

CVSS 7.1 | AI score 6 | EPSS 0.00316
Exploits: 1 | References: 5

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in c-ares

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...

CVSS 5.5 | AI score 6.4 | EPSS 0.00349
Exploits: 0 | References: 2

CVE
added 2026/06/12 2:52 p.m. | 19 views

CVE-2026-44967

OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...

CVSS 5.3 | AI score 5.3 | EPSS 0.00206
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/06/12 2:52 p.m. | 9 views

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

CVSS 5.3 | AI score 5.3 | EPSS 0.00206
Exploits: 0 | References: 4

Vulnrichment
added 2026/06/12 2:52 p.m. | 10 views

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

CVSS 5.3 | AI score 5.3 | EPSS 0.00206
Exploits: 0 | References: 4

Rosalinux
added 2026/06/01 11:12 a.m. | 9 views

Advisory ROSA-SA-2026-3304

Software: mupdf 1.26.10; Operating System: ROSA-CHROME; Unaffected versions: = mupdf-1.26.10-2; Affected versions: mupdf-1.26.10-2; CVE-ID: CVE-2026-25556; BDU-ID: None; CVE-Crit: HIGH; CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00477
Exploits: 1

EUVD
added 2026/03/31 3:31 p.m. | 5 views

EUVD-2026-17412

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

AI score 6.1 | EPSS 0.00213
Exploits: 0 | References: 4

CNNVD
added 2026/03/31 12:0 a.m. | 12 views

Artifex MuPDF security vulnerability

Artifex MuPDF is a rich-text editor developed by individual developers. Unlike standard text editors, programmers can download free rich-text editors and embed them on their own websites or programs; of course, paid versions offer more powerful features. This makes it convenient for users to edit...

CVSS 7.8 | AI score 6.4 | EPSS 0.00213
Exploits: 0 | References: 3

Cvelist
added 2026/02/06 4:11 p.m. | 26 views

CVE-2026-25556 MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

CVSS 5.9 | EPSS 0.00477
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/06 12:0 a.m. | 7 views

PT-2026-6683

Name of the Vulnerable Software and Affected Versions: micropython versions prior to 1.27.0. Description: A flaw exists in micropython up to version 1.27.0. This issue is related to memory corruption caused by manipulation of the mp_import_all function within the py/runtime.c file. The attack requir...

CVSS 4.8 | AI score 5.1 | EPSS 0.00203
Exploits: 1 | References: 15

OSV
added 2026/02/02 11:16 p.m. | 2 views

UBUNTU-CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS 2.1 | AI score 5.8 | EPSS 0.00396
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-6730

Name of the Vulnerable Software and Affected Versions: MuPDF versions 1.23.0 through 1.27.0. Description: MuPDF versions 1.23.0 through 1.27.0 have a double-free issue in the fz_fill_pixmap_from_display_list function during display list rendering. This occurs when an exception happens, causing the...

CVSS 5.9 | AI score 5.5 | EPSS 0.00477
Exploits: 1 | References: 16

CVE
added 2025/12/26 11:46 p.m. | 11 views

CVE-2025-68148

CVE-2025-68148 affects FreshRSS versions from 1.27.0 up to, but not including, 1.28.0. An attacker could globally deny access to feeds by manipulating proxy settings to generate a flood of 429 Retry-After responses, effectively making the instance unusable for most users. The vulnerability is addressed...

CVSS 7.5 | AI score 6.4 | EPSS 0.00423
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/11/20 9:37 p.m. | 9 views

CVE-2025-65089

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVSS 6.8 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/19 5:41 p.m. | 3 views

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVSS 6.8 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 1

CVE
added 2025/11/19 5:41 p.m. | 15 views

CVE-2025-65089

CVE-2025-65089 affects XWiki Remote Macros. Prior to version 1.27.0, a user with no view rights on a page could see the content of an office attachment rendered via the view file macro. This is a data leak due to mis-authorization in the macro rendering path. The issue has been patched in version...

CVSS 6.8 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-0126

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01392
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-0125

Malware in sbrugna...

CVSS 8.2 | AI score 8.1 | EPSS 0.01221
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31653

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00495
Exploits: 1 | References: 3