VYPR

Nitro

by Nitro

npm: nitro

Source repositories

CVEs (9)

  • CVE-2013-3553HigFeb 8, 2018
    risk 0.51cvss 7.8epss 0.02

    Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2013-3552HigFeb 8, 2018
    risk 0.51cvss 7.8epss 0.03

    Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2026-44372MedMay 13, 2026
    risk 0.33cvss 6.1epss 0.00

    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.

  • CVE-2026-44373MedMay 13, 2026
    risk 0.27cvss 5.3epss 0.00

    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This…

  • CVE-2008-2817Jun 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.

  • CVE-2025-67825Jan 8, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The…

  • CVE-2013-2773Jan 14, 2020
    risk 0.00cvss epss 0.00

    Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

  • CVE-2019-19819Dec 16, 2019
    risk 0.00cvss epss 0.01

    The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.

  • CVE-2019-19818Dec 16, 2019
    risk 0.00cvss epss 0.01

    The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.