Lucene search
K

683 matches found

Veracode
Veracode
added 2025/09/17 5:42 a.m.11 views

XML External Entity Injection (XXE)

org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...

9.8CVSS7AI score0.02962EPSS
Exploits4References11Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-20151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file...

9.8CVSS5AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-54988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External...

9.8CVSS7.2AI score0.02962EPSS
Exploits4References2
OSV
OSV
added 2025/08/20 9:30 p.m.6 views

GHSA-P72G-PV48-7W9X Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS5.8AI score0.02962EPSS
Exploits4References11
OSV
OSV
added 2025/08/20 8:15 p.m.5 views

DEBIAN-CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

8.4CVSS7.8AI score0.02962EPSS
Exploits4References1
CVE
CVE
added 2025/08/20 8:8 p.m.158 views

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

9.8CVSS7.1AI score0.02962EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2025/08/20 8:8 p.m.13 views

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

8.4CVSS7.2AI score0.02962EPSS
Exploits4References7
RedhatCVE
RedhatCVE
added 2025/05/23 1:8 a.m.11 views

CVE-2022-24370

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

6.5CVSS6AI score0.01889EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 p.m.6 views

CVE-2022-24954

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings...

9.8CVSS6.9AI score0.11926EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 p.m.14 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

7.5CVSS7AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:55 p.m.15 views

CVE-2021-45978

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API...

7.8CVSS7.9AI score0.015EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.9 views

CVE-2019-14215

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer...

7.5CVSS6.8AI score0.01597EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 a.m.10 views

CVE-2019-14212

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object...

7.5CVSS6.7AI score0.02233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:42 a.m.15 views

CVE-2021-31455

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02761EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:41 a.m.11 views

CVE-2021-31459

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02778EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:28 a.m.16 views

CVE-2021-31452

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02933EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:24 p.m.12 views

CVE-2019-6764

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.8AI score0.03484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:3 p.m.14 views

CVE-2019-13319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.04089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:1 p.m.17 views

CVE-2019-13332

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.03852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:19 p.m.11 views

CVE-2020-10899

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.8AI score0.04689EPSS
Exploits0References1
Rows per page
Query Builder