Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-26830 2 Mooz, Pdf-image Project 2 Pdf-image, Pdf-image 2026-04-02 9.8 Critical
pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()
CVE-2020-8132 1 Pdf-image Project 1 Pdf-image 2024-11-21 9.8 Critical
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
CVE-2018-3757 1 Pdf-image Project 1 Pdf-image 2024-11-21 9.8 Critical
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.