cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0911,https://securityvulnerability.io/vulnerability/CVE-2025-0911,Information Disclosure Vulnerability in PDF-XChange Editor by Tracker Software,"A vulnerability in PDF-XChange Editor allows for the disclosure of sensitive information due to improper validation of U3D file parsing. This flaw can cause the application to read past the allocated memory, potentially exposing user data. Exploitation requires user interaction, as the victim must visit a malicious webpage or open a compromised file. This vulnerability potentially opens the door for further exploitation in conjunction with other flaws, leading to arbitrary code execution within the affected process.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:58:33.626Z,0
CVE-2025-0910,https://securityvulnerability.io/vulnerability/CVE-2025-0910,Out-Of-Bounds Write Vulnerability in PDF-XChange Editor by Tracker Software Products,"The vulnerability in PDF-XChange Editor arises from the parsing of U3D files, where the application fails to properly validate user-supplied data. This oversight can allow attackers to execute arbitrary code by causing the application to write past the end of an allocated object. Successful exploitation requires user interaction, such as visiting a malicious page or opening a crafted file, enabling the attacker to leverage the flaw in the context of the current process.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:58:17.542Z,0
CVE-2025-0909,https://securityvulnerability.io/vulnerability/CVE-2025-0909,Information Disclosure Vulnerability in PDF-XChange Editor by Tracker Software Products,The vulnerability arises from improper validation of user-supplied data during the parsing of XPS files within PDF-XChange Editor. This flaw can allow remote attackers to disclose sensitive information by tricking users into visiting malicious pages or opening compromised files. Exploitation requires user interaction but can potentially lead to further attacks by enabling code execution within the vulnerable process context.,PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:58:09.870Z,0
CVE-2025-0908,https://securityvulnerability.io/vulnerability/CVE-2025-0908,Information Disclosure Vulnerability in PDF-XChange Editor by Tracker Software,"The vulnerability in PDF-XChange Editor is triggered by improper validation during the parsing of U3D files. This flaw can be exploited by remote attackers to disclose sensitive information, requiring the user to visit a malicious webpage or open a compromised file. By exploiting this vulnerability, attackers could possibly read past the allocated memory buffer, leading to potential exposure of confidential data. This vulnerability can be utilized alongside other vulnerabilities to execute arbitrary code in the context of the affected application.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:58:02.722Z,0
CVE-2025-0907,https://securityvulnerability.io/vulnerability/CVE-2025-0907,Information Disclosure Vulnerability in PDF-XChange Editor Products by Tracker Software,"The vulnerability in PDF-XChange Editor relates to improper handling of JB2 file parsing, leading to potential exposure of sensitive user data. Attackers must entice users to open malicious JB2 files or visit compromised web pages, triggering an out-of-bounds read that allows unauthorized information disclosure. This flaw arises from inadequate validation of input parameters, paving the way for further exploitation in conjunction with other vulnerabilities, including the potential for arbitrary code execution within the affected application's context.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:57:51.572Z,0
CVE-2025-0906,https://securityvulnerability.io/vulnerability/CVE-2025-0906,Out-Of-Bounds Read Vulnerability in PDF-XChange Editor by Tracker Software,"The vulnerability identified in PDF-XChange Editor occurs during the parsing of JB2 files, where inadequate validation of user-supplied data can lead to an out-of-bounds read. This flaw enables remote attackers to potentially disclose sensitive information by prompting a user to open a malicious file or visit a compromised webpage. Exploitation may allow the attacker to gather critical data and could be combined with other vulnerabilities for further damage.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:57:41.221Z,0
CVE-2025-0905,https://securityvulnerability.io/vulnerability/CVE-2025-0905,Information Disclosure Risk in PDF-XChange Editor by Tracker Software Products,"A vulnerability in PDF-XChange Editor allows remote attackers to exploit the JB2 file parsing process, leading to the disclosure of sensitive information. This flaw arises from insufficient validation of user-supplied data, enabling an attacker to read data beyond allocated memory boundaries. Successful exploitation requires user interaction, as the target must open a specially crafted file or visit a malicious website. Attackers may leverage this vulnerability in conjunction with others to compromise system security further.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:57:31.522Z,0
CVE-2025-0904,https://securityvulnerability.io/vulnerability/CVE-2025-0904,Information Disclosure Vulnerability in PDF-XChange Editor by Tracker Software,The vulnerability affects PDF-XChange Editor due to improper validation of user-supplied data while parsing XPS files. This flaw enables remote attackers to disclose sensitive information by persuading users to visit a malicious page or open a harmful file. An attacker could exploit this information disclosure to execute further attacks or compromise the system's integrity. Proper security measures are essential to mitigate potential threats related to this vulnerability.,PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:57:11.371Z,0
CVE-2025-0903,https://securityvulnerability.io/vulnerability/CVE-2025-0903,Heap-based Buffer Overflow Vulnerability in PDF-XChange Editor,"A vulnerability exists in PDF-XChange Editor where improper validation of user-supplied data length during RTF file parsing leads to a heap-based buffer overflow. This flaw could allow an attacker to exploit the system by executing arbitrary code when a victim opens a malicious RTF file or visits a compromised web page. Successful exploitation requires user interaction, as the malicious content needs to be processed within the application.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:57:00.237Z,0
CVE-2025-0902,https://securityvulnerability.io/vulnerability/CVE-2025-0902,Out-Of-Bounds Read Vulnerability in PDF-XChange Editor by Tracker Software,"The vulnerability in PDF-XChange Editor arises from improper validation of user-supplied data during the parsing of XPS files. This flaw allows remote attackers to disclose sensitive information by tricking the user into opening a malicious file or visiting a compromised webpage. By exploiting this vulnerability, attackers can potentially read beyond the allocated memory, increasing the risk of further exploiting the affected system. This can lead to arbitrary code execution under the context of the current user, making it crucial for organizations to patch affected installations promptly.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:56:41.379Z,0
CVE-2025-0901,https://securityvulnerability.io/vulnerability/CVE-2025-0901,PDF-XChange Editor Out-Of-Bounds Read Vulnerability by Tracker Software,"A security vulnerability exists in PDF-XChange Editor that allows attackers to execute arbitrary code on affected systems. The flaw arises from inadequate validation of user-supplied data when handling Doc objects, leading to a potential out-of-bounds read. This can enable an attacker to read data past the allocated buffer, allowing them to execute code within the context of the application. Successful exploitation necessitates that a user interacts with a malicious PDF file or webpage, making awareness and caution critical.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:56:31.557Z,0
CVE-2025-0899,https://securityvulnerability.io/vulnerability/CVE-2025-0899,PDF-XChange Editor AcroForm Use-After-Free Vulnerability Exposes Users to Remote Code Execution Risks,"The vulnerability in PDF-XChange Editor arises from improper handling of AcroForms, which fails to validate object existence before operations. This oversight allows remote attackers to execute arbitrary code if users visit a malicious page or open a harmful file. The flaw can lead to severe security breaches, compromising user systems and data integrity. To mitigate risks, users should apply patches as soon as available and exercise caution when opening documents from untrusted sources.",PDF-xchange,PDF-xchange Editor,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-02-11T19:22:58.592Z,0
CVE-2024-7352,https://securityvulnerability.io/vulnerability/CVE-2024-7352,PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"A critical flaw has been identified in the PDF file parsing functionality of PDF-XChange Editor by Tracker Software. This vulnerability stems from inadequate validation of user-supplied data during the parsing process, resulting in an out-of-bounds write. Attackers can exploit this weakness to execute arbitrary code within the context of the affected system. Successful exploitation necessitates user interaction, as the user must either access a malicious web page or open a compromised PDF file. Organizations using PDF-XChange Editor should prioritize applying the latest security patches to mitigate potential risks.",PDF-xchange,PDF-xchange Editor,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T22:15:00.000Z,0
CVE-2024-8814,https://securityvulnerability.io/vulnerability/CVE-2024-8814,Remote Code Execution Vulnerability in PDF-XChange Editor,"A vulnerability exists in the PDF-XChange Editor that allows for remote code execution through improper handling of U3D file parsing. The flaw arises from the absence of adequate validation for user-supplied data, leading to out-of-bounds reads. Attackers can exploit this weakness by enticing users to visit a malicious webpage or open a compromised file. Once triggered, this vulnerability permits the execution of arbitrary code within the context of the affected application, potentially compromising system integrity.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8825,https://securityvulnerability.io/vulnerability/CVE-2024-8825,Out-Of-Bounds Read Vulnerability in PDF-XChange Editor,"A vulnerability exists in PDF-XChange Editor that stems from improper validation during the parsing of PDF files. This specific flaw can lead to an out-of-bounds read condition, allowing attackers to execute arbitrary code in the context of the current process. For exploitation to occur, user interaction is necessary, which includes visiting a malicious webpage or opening a compromised PDF file. Attackers can leverage this flaw to gain unauthorized control over affected installations, posing serious risks to user data and system integrity.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8829,https://securityvulnerability.io/vulnerability/CVE-2024-8829,Information Disclosure in PDF-XChange Editor's EMF File Parsing,"A vulnerability exists in the PDF-XChange Editor concerning the parsing of EMF files, allowing remote attackers to disclose sensitive information. The flaw stems from inadequate validation of user-supplied data during a specific operation, which leads to a potential read past an allocated buffer. Successful exploitation necessitates user interaction, such as visiting a malicious webpage or opening a harmful file. An attacker could leverage this vulnerability in conjunction with additional exploits to execute arbitrary code in the context of the affected process, threatening the security and confidentiality of user information.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8819,https://securityvulnerability.io/vulnerability/CVE-2024-8819,Out-Of-Bounds Read Vulnerability in PDF-XChange Editor,"A vulnerability exists in PDF-XChange Editor that arises during the parsing of U3D files. The flaw is due to insufficient validation of user-provided data, which can lead to a read operation that exceeds the end limits of an allocated buffer. This allows remote attackers to potentially disclose sensitive information from installations of the affected software. Successful exploitation of this vulnerability requires the target user to interact with a malicious webpage or document, facilitating unauthorized access to sensitive information. Attackers may combine this vulnerability with other exploits to execute arbitrary code within the context of the current application process. For more detailed information, refer to ZDI-24-1242.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8820,https://securityvulnerability.io/vulnerability/CVE-2024-8820,Information Disclosure Vulnerability in PDF-XChange Editor,"An information disclosure vulnerability exists within the PDF-XChange Editor related to the parsing of U3D files. This flaw stems from inadequate validation of user-supplied data, leading to the potential for reading beyond the end of an allocated buffer. Remote attackers may exploit this vulnerability by enticing a user to visit a malicious webpage or open a crafted file, enabling the leakage of sensitive data from affected installations. Furthermore, this vulnerability can be exploited in conjunction with other weaknesses to execute arbitrary code within the context of the current process.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8824,https://securityvulnerability.io/vulnerability/CVE-2024-8824,Out-Of-Bounds Read Vulnerability in PDF-XChange Editor,"An information disclosure vulnerability exists in PDF-XChange Editor due to improper validation when parsing JB2 files. This flaw can lead to an out-of-bounds read, enabling attackers to exploit the vulnerability provided that the user opens a malicious file or visits a compromised webpage. An attacker could potentially gather sensitive information from the affected installations, and in conjunction with other vulnerabilities, could facilitate arbitrary code execution in the context of the running process.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8834,https://securityvulnerability.io/vulnerability/CVE-2024-8834,Information Disclosure Vulnerability in PDF-XChange Editor,"An information disclosure vulnerability exists in PDF-XChange Editor that impacts the parsing of TIF files. This flaw arises from inadequate validation of user-supplied data, allowing remote attackers to read sensitive information beyond the allocated memory space. To exploit this vulnerability, attackers require user interaction, necessitating that victims either visit a malicious webpage or open a malicious TIF file. Successful exploitation may lead to further attacks by leveraging this flaw to execute arbitrary code within the context of the affected process. Vigilance against these manipulative tactics is essential for maintaining security.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8816,https://securityvulnerability.io/vulnerability/CVE-2024-8816,Use-After-Free Vulnerability in PDF-XChange Editor,"A use-after-free vulnerability in the PDF-XChange Editor's U3D file parsing allows remote attackers to disclose sensitive information on vulnerable installations. This security flaw arises from insufficient validation of object existence before performing operations, leading to potential information exploitation. Typically, an attacker must trick users into visiting a malicious webpage or opening a compromised file to leverage this vulnerability, potentially paving the way for arbitrary code execution in the context of the current process.",PDF-xchange,"PDF-xchange Editor,PDF-tools",5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8813,https://securityvulnerability.io/vulnerability/CVE-2024-8813,Remote Code Execution Vulnerability in PDF-XChange Editor Due to U3D File Parsing,"A remote code execution vulnerability exists in the PDF-XChange Editor due to improper validation of user-supplied data during U3D file parsing. This oversight can lead to an out-of-bounds write, allowing attackers to execute arbitrary code in the context of the affected process. Exploitation requires user interaction, as the victim must either visit a specially crafted web page or open a malicious file containing the vulnerable U3D content. Organizations using PDF-XChange Editor should ensure they are on the latest versions to mitigate this risk and secure their systems against potential exploitation.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8812,https://securityvulnerability.io/vulnerability/CVE-2024-8812,Remote Code Execution Vulnerability in PDF-XChange Editor,"This vulnerability involves a flaw in the handling of U3D files within the PDF-XChange Editor. Specifically, the absence of sufficient validation for user-supplied data leads to an out-of-bounds read, allowing an attacker to manipulate the process's memory. By enticing a user to visit a compromised web page or open a malicious document, remote attackers can exploit this vulnerability to execute arbitrary code within the context of the application. The threat underscores the importance of secure coding practices and the continual updating of software to mitigate potential attack vectors.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8815,https://securityvulnerability.io/vulnerability/CVE-2024-8815,Memory Corruption Vulnerability in PDF-XChange Editor,"This vulnerability in PDF-XChange Editor arises from improper validation of user-supplied data during the parsing of U3D files, leading to memory corruption. An attacker can exploit this flaw to execute arbitrary code within the context of the affected application's process. Exploitation requires user interaction, such as opening a malicious file or visiting a compromised webpage, putting users at risk if proper precautions are not taken. The issue has been documented in ZDI-CAN-24210.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0
CVE-2024-8817,https://securityvulnerability.io/vulnerability/CVE-2024-8817,Remote Code Execution Vulnerability in PDF-XChange Editor Due to U3D File Parsing Flaw,"A remote code execution vulnerability exists in PDF-XChange Editor due to insufficient validation of U3D file input. When a user opens a specially crafted U3D file or visits an attacker-controlled web page containing such a file, it can cause an out-of-bounds write, allowing an attacker to execute arbitrary code within the context of the application. The specific flaw occurs during the parsing of user-supplied U3D files, which may lead to manipulating the memory of the application, potentially compromising sensitive data and system integrity.",PDF-xchange,"PDF-xchange Editor,PDF-tools",7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-22T21:15:00.000Z,0