Nitro
by Nitro
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3553 | | High | 0.51 | 7.8 | 0.02 | | Feb 8, 2018 | Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2013-3552 | | High | 0.51 | 7.8 | 0.03 | | Feb 8, 2018 | Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2026-44372 | | Medium | 0.33 | 6.1 | 0.00 | | May 13, 2026 | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta. |
| CVE-2026-44373 | | Medium | 0.27 | 5.3 | 0.00 | | May 13, 2026 | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This… |
| CVE-2008-2817 | | | 0.03 | — | 0.01 | | Jun 23, 2008 | SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. |
| CVE-2025-67825 | | | 0.00 | — | 0.00 | | Jan 8, 2026 | An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The… |
| CVE-2013-2773 | | | 0.00 | — | 0.00 | | Jan 14, 2020 | Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution |
| CVE-2019-19819 | | | 0.00 | — | 0.01 | | Dec 16, 2019 | The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content. |
| CVE-2019-19818 | | | 0.00 | — | 0.01 | | Dec 16, 2019 | The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. |