| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2018-25217 | PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution | Rttsoftware | PDF Explorer | High | 8.4 | 2026-03-26 13:24:17 | Deep Dive |
| CVE-2019-25550 | Encrypt PDF 2.3 Denial of Service via Buffer Overflow | Verypdf | Encrypt PDF | Medium | 6.2 | 2026-03-21 12:46:54 | Deep Dive |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams | py-pdf | pypdf | 中危 | - | 2026-03-20 09:09:13 | Deep Dive |
| CVE-2026-27625 | Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction | Stirling-Tools | Stirling-PDF | High | 8.1 | 2026-03-20 08:44:25 | Deep Dive |
| CVE-2026-32416 | WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability | bPlugins | PDF Poster | 中危 | - | 2026-03-13 11:42:15 | Deep Dive |
| CVE-2026-32349 | WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability | Andy Fragen | Embed PDF Viewer | 中危 | - | 2026-03-13 11:41:59 | Deep Dive |
| CVE-2026-2569 | Dear Flipbook <= 2.4.20 - Authenticated (Auhtor+) Stored Cross-Site Scripting via PDF Page Labels | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 6.4 | 2026-03-10 23:21:12 | Deep Dive |
| CVE-2026-31826 | pypdf: manipulated stream length values can exhaust RAM | py-pdf | pypdf | 中危 | - | 2026-03-10 21:36:52 | Deep Dive |
| CVE-2026-28804 | pypdf: Inefficient decoding of ASCIIHexDecode streams | py-pdf | pypdf | 中危 | - | 2026-03-06 06:46:29 | Deep Dive |
| CVE-2026-28351 | Manipulated RunLengthDecode streams can exhaust RAM | py-pdf | pypdf | 中危 | - | 2026-02-27 20:59:17 | Deep Dive |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | py-pdf | pypdf | - | - | 2026-02-26 00:42:01 | Deep Dive |
| CVE-2026-27628 | pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | py-pdf | pypdf | 高危 | - | 2026-02-25 02:45:38 | Deep Dive |
| CVE-2026-2040 | PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | PDF-XChange | PDF-XChange Editor | - | - | 2026-02-20 22:21:18 | Deep Dive |
| CVE-2026-27026 | pypdf possibly has long runtimes for malformed FlateDecode streams | py-pdf | pypdf | - | - | 2026-02-20 21:12:34 | Deep Dive |
| CVE-2026-27025 | pypdf has possible long runtimes/large memory usage for large /ToUnicode streams | py-pdf | pypdf | - | - | 2026-02-20 21:11:20 | Deep Dive |
| CVE-2026-27024 | pypdf has a possible infinite loop when processing TreeObject | py-pdf | pypdf | - | - | 2026-02-20 21:10:08 | Deep Dive |
| CVE-2026-22350 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | Medium | 6.5 | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2025-68534 | WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability | add-ons.org | PDF for WPForms | Medium | 6.5 | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2026-1906 | PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification | wpovernight | PDF Invoices & Packing Slips for WooCommerce | Medium | 4.3 | 2026-02-18 05:29:17 | Deep Dive |
| CVE-2026-1748 | Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | kirilkirkov | Invoct – PDF Invoices & Billing for WooCommerce | Medium | 4.3 | 2026-02-11 08:26:26 | Deep Dive |