Lucene search
K

683 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/26 12:42 a.m.5 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.4AI score0.00348EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/02/26 12:42 a.m.6 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS8.1AI score0.00348EPSS
Exploits1
Cvelist
Cvelist
added 2026/02/26 12:42 a.m.32 views

CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS0.00348EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/26 12:0 a.m.13 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.7AI score0.00348EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-22068

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.3 Description A crafted PDF file can cause excessive RAM usage, potentially leading to exhaustion. This occurs when accessing the xfa property of a reader or writer, specifically when the corresponding stream is...

8.7CVSS5.9AI score0.00348EPSS
Exploits1References38
F5 Networks
F5 Networks
added 2026/01/19 5:9 a.m.14 views

K000159609: Apache Tika vulnerability CVE-2025-66516

Security Advisory Description Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...

9.8CVSS7AI score0.79807EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 1:43 a.m.14 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF (CVE-2025-66516)

Summary IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF CVE-2025-66516. Apache Tika is used by the Run SQL Scripts feature of IBM i Access Client Solutions to determine the content type of binary colum...

9.8CVSS7.1AI score0.79807EPSS
Exploits5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.14 views

CVE-2021-31460

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.19 views

CVE-2021-31453

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.15 views

CVE-2021-31476

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.06379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.19 views

CVE-2021-31450

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.11 views

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.8AI score0.04787EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.10 views

Atlassian Jira Service Management Data Center and Server < 10.3.15 / 11.0.x < 11.2.1 (JSDSERVER-16477)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16477 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers...

9.8CVSS7.8AI score0.79807EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.10 views

Apache Tika < 3.2.2 XML External Entity

According to its banner, the version of Apache Tika running on the remote host is prior to 3.2.2. It is, therefore, affected by an XML External Entity XXE vulnerability via a crafted XFA file inside of a PDF. Note that the scanner has not tested for these issues but has instead relied only on the...

9.8CVSS7.1AI score0.79807EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2025/12/08 10:50 a.m.239 views

Exploit for CVE-2025-66516

🚨 CVE-2025-66516 — Critical Apache Tika Vulnerability !G7o6Z...

10CVSS7.7AI score0.79807EPSS
Exploits6
GithubExploit
GithubExploit
added 2025/12/07 3:16 a.m.507 views

Exploit for CVE-2025-66516

CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...

10CVSS7.2AI score0.79807EPSS
Exploits6
GithubExploit
GithubExploit
added 2025/12/06 4:21 a.m.713 views

Exploit for Improper Restriction of XML External Entity Reference in Apache Tika

Apache Tika XXE Vulnerability Tester CVE-2025-54988 A compr...

9.8CVSS9.2AI score0.02962EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/12/05 4:23 p.m.16 views

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity XXE injection attack. The vulnerability, tracked as CVE-2025-66516 , is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...

10CVSS8.4AI score0.79807EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/12/05 11:0 a.m.13 views

CVE-2025-66516

A XML External Entity XXE injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA XML Forms Architecture file. This flaw could lead to...

10CVSS8.7AI score0.79807EPSS
Exploits6References5
OSV
OSV
added 2025/12/04 6:30 p.m.9 views

GHSA-F58C-GQ56-VJJF Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

10CVSS5.9AI score0.79807EPSS
Exploits6References4
Rows per page
Query Builder