DEBIAN-CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVE-2026-48155 pypdf: Possible large memory usage for large offsets for layout mode text

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVE-2026-48155

The CVE concerns the pypdf Python PDF library. Before version 6.12.0, an attacker could craft a PDF that triggers large memory usage when extracting text in layout mode with very large character offsets. This memory impact is the stated vulnerability; mitigation is updating to 6.12.0 where the is...

CVE-2026-48156

The CVE affects the Python PDF library pypdf (prior to 6.12.0). A crafted PDF leveraging cross-reference streams with /W [0 0 0] and large /Size can cause long runtimes. Fixed in 6.12.0; remediation is to upgrade to that version or later.

EUVD-2026-2667

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

CVE-2026-23477 Rocket.Chat Unauthorized Access to OAuth App Details

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

CVE-2025-56513

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...

CVE-2024-47048

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps...

Fedora: Security Advisory (FEDORA-2024-727ecb90c7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker exploiting this vulnerability is able to abuse the UpdateOTRAck method. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version 6.9.6, version 6.8.6...