2 matches found
CVE-2026-34586
PdfDing (self-hosted PDF manager/editor) is affected by a vulnerability in which check_shared_access_allowed() only validates session existence and does not enforce SharedPdf.inactive (expiration/max views) or SharedPdf.deleted. The Serve and Download endpoints rely on this function, allowing pre...
CVE-2026-34376
PdfDing is vulnerable prior to version 1.7.0 due to an access-control flaw that allowed unauthenticated retrieval of password‑protected shared PDFs via the direct file‑serving endpoint without completing the password verification flow. This could expose confidential documents intended to be prote...