| 1741 | 5.5 | MEDIUM, Local | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text … | CWE-400 Uncontrolled Resource Consumption | CVE-2026-49461 | 2026-06-26 01:48 | 2026-06-23 |
| 1742 | 5.5 | MEDIUM, Local | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-54530 | 2026-06-26 01:47 | 2026-06-23 |
| 1743 | 5.5 | MEDIUM, Local | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with ou… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-54531 | 2026-06-26 01:46 | 2026-06-23 |
| 1744 | 5.3 | MEDIUM, Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-46349 | 2026-06-26 01:32 | 2026-06-25 |
| 1745 | 6.5 | MEDIUM, Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe… | CWE-354 Improper Validation of Integrity Check Value | CVE-2026-48028 | 2026-06-26 01:32 | 2026-06-25 |
| 1746 | 5.3 | MEDIUM, Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent fal… | CWE-354 Improper Validation of Integrity Check Value | CVE-2026-50128 | 2026-06-26 01:32 | 2026-06-25 |
| 1747 | 7.5 | HIGH, Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulnerability), due to missing exception … | CWE-248 Uncaught Exception | CVE-2026-50129 | 2026-06-26 01:32 | 2026-06-25 |
| 1748 | - | | - | - | Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a… | CWE-841 Improper Enforcement of Behavioral Workflow | CVE-2026-57536 | 2026-06-26 01:16 | 2026-06-26 |
| 1749 | - | | - | - | Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would d… | CWE-80 Basic XSS | CVE-2026-57535 | 2026-06-26 01:16 | 2026-06-26 |
| 1750 | - | | - | - | Malicious HTML content could be injected into the content of a page in the pretix-pages plugin. | CWE-80 Basic XSS | CVE-2026-57534 | 2026-06-26 01:16 | 2026-06-26 |