VYPR

Vendor CVEs

Foxitsoftware

All CVEs

1,142 total · sorted by risk
  • CVE-2019-5145Jan 16, 2020
    risk 0.01cvss epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick…

  • CVE-2019-5131Jan 16, 2020
    risk 0.01cvss epss 0.02

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An…

  • CVE-2018-3956Jan 30, 2019
    risk 0.01cvss epss 0.50

    An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in…

  • CVE-2018-17686Jan 24, 2019
    risk 0.01cvss epss 0.24

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2026-1592Feb 3, 2026
    risk 0.00cvss epss 0.00

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects…

  • CVE-2026-1591Feb 3, 2026
    risk 0.00cvss epss 0.00

    Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue…

  • CVE-2025-66522Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into…

  • CVE-2025-66520Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or…

  • CVE-2025-66519Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a…

  • CVE-2025-66502Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes…

  • CVE-2025-66501Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper…

  • CVE-2025-66500Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is…

  • CVE-2025-66499Dec 19, 2025
    risk 0.00cvss epss 0.00

    A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

  • CVE-2025-66498Dec 19, 2025
    risk 0.00cvss epss 0.00

    A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…

  • CVE-2025-66497Dec 19, 2025
    risk 0.00cvss epss 0.00

    A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…

  • CVE-2025-66496Dec 19, 2025
    risk 0.00cvss epss 0.00

    A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…

  • CVE-2025-66495Dec 19, 2025
    risk 0.00cvss epss 0.00

    A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or…

  • CVE-2025-66494Dec 19, 2025
    risk 0.00cvss epss 0.00

    A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute…

  • CVE-2025-66493Dec 19, 2025
    risk 0.00cvss epss 0.00

    A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed…

  • CVE-2025-13941Dec 19, 2025
    risk 0.00cvss epss 0.00

    A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these…

  • CVE-2025-55307Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing…

  • CVE-2025-55314Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states…

  • CVE-2025-55309Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal…

  • CVE-2025-59802Dec 11, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF…

  • CVE-2025-55312Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid,…

  • CVE-2025-59803Dec 11, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the…

  • CVE-2025-55308Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may…

  • CVE-2025-55310Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup.…

  • CVE-2025-55313Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after…

  • CVE-2025-55311Dec 11, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital…

  • CVE-2025-9330Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute…

  • CVE-2025-9323Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…

  • CVE-2025-9324Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…

  • CVE-2025-9325Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…

  • CVE-2025-9326Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2025-9327Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…

  • CVE-2025-9328Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2025-9329Sep 2, 2025
    risk 0.00cvss epss 0.00

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2025-32451Aug 13, 2025
    risk 0.00cvss epss 0.01

    A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary…

  • CVE-2024-12753Dec 30, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system…

  • CVE-2024-12752Dec 30, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must…

  • CVE-2024-12751Dec 30, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2024-49576Dec 18, 2024
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…

  • CVE-2024-47810Dec 18, 2024
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.…

  • CVE-2024-9248Nov 22, 2024
    risk 0.00cvss epss 0.01

    Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-9250Nov 22, 2024
    risk 0.00cvss epss 0.01

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must…

  • CVE-2024-9252Nov 22, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-9253Nov 22, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-9251Nov 22, 2024
    risk 0.00cvss epss 0.00

    Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-9254Nov 22, 2024
    risk 0.00cvss epss 0.01

    Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must…

Page 9 of 23