1061 matches found
CVE-2026-33438
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...
EUVD-2026-16262
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...
CVE-2026-33438
Stirling-PDF is affected by a Denial of Service (DoS) vulnerability in the watermark endpoint. Affected versions are 2.1.5 through 2.5.1 (prior to 2.5.2). An authenticated user can trigger resource exhaustion and server crashes by sending extreme values for fontSize and widthSpacer to /api/v1/sec...
CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...
CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...
CVE-2026-3354
The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1851
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-28483
Name of the Vulnerable Software and Affected Versions Stirling-PDF versions 2.1.5 through 2.5.1 Description Stirling-PDF is a locally hosted web application for PDF file operations. An authenticated user can trigger a Denial of Service DoS condition by submitting extreme values for the fontSize a...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006312 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against...
CVE-2026-33418
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...
WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions = 3.0...
WordPress Wikilookup plugin <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Wikilookup versions = 1.1.5...
EUVD-2019-19864
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...
EUVD-2019-19860
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...
CVE-2019-25558
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...
CVE-2019-25556
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...
CVE-2019-25558 Selfie Studio 2.17 Denial of Service via Resize Image
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...
CVE-2019-25558 Selfie Studio 2.17 Denial of Service via Resize Image
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...
CVE-2019-25558
Selfie Studio 2.17 is affected by a Denial of Service in the Resize Image function. The issue allows a local attacker to crash the application by supplying an excessively long buffer; specifically, pasting a large string into the New Width or New Height fields can trigger a buffer overflow. The v...
CVE-2019-25556 TwistedBrush Pro Studio 24.06 Resize Image Denial of Service
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...