List of CVEs

Excerpt of research-induced Common Vulnerabilities and Exposures (CVEs)

The following is an incomplete list of CVEs and other recognitions assigned during our research to my group members, close collaborators, or myself.

2026

  1. CVE
    CVE-2026-3774: (PDF) Information Disclosure Vulnerability When Redacting, Encrypting, or Printing Certain PDFs
    CVSS: 7.5 (High), Mar 2026

2025

  1. CVE
    CVE-2025-55311: (PDF) Improper Verification of Cryptographic Signature (CWE-347)
    CVSS: 6.5 (Medium), Aug 2025
  2. Kliksafe
    Hall of fame: Kliksafe - Identified a vulnerability in our DoH service
    Matthias Gierlings, Lukas Knittel, and Christian Mainka
    Aug 2025
  3. CVE
    CVE-2025-54255: (PDF) Violation of Secure Design Principles (CWE-657)
    CVSS: 4.0 (Medium), Sep 2025

2022

  1. CVE
    CVE-2022-25641: (PDF) Incremental Saving Attack / Shadow Attack
    CVSS: 4.4 (Medium), 2022
  2. PSIRT
    PSIRT-14270: (PDF) Execute High Privileged JavaScript Code in a Certified Document
    2022

2021

  1. CVE
    CVE-2021-25633: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  2. CVE
    CVE-2021-25634: (ODF) Timestamp Manipulation with Signature Wrapping
    CVSS: 7.5 (High), 2021
  3. CVE
    CVE-2021-25635: (ODF) Content Spoofing
    CVSS: 7.5 (High), 2021
  4. CVE
    CVE-2021-25636: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  5. CVE
    CVE-2021-28545: (PDF) Evil Annotation Attack
    CVSS: 8.1 (High), 2021
  6. CVE
    CVE-2021-28546: (PDF) Sneaky Signature Attack
    CVSS: 6.5 (Medium), 2021
  7. CVE
    CVE-2021-40326: (PDF) New Shadow Attack Variant
    CVSS: 5.5 (Medium), 2021
  8. CVE
    CVE-2021-41830: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  9. CVE
    CVE-2021-41831: (ODF) XSW on Signature Timestamp
    CVSS: 5.3 (Medium), 2021
  10. CVE
    CVE-2021-41832: (ODF) Content Spoofing
    CVSS: 7.5 (High), 2021

2020

  1. CVE
    CVE-2020-24432: (PDF) Arbitrary JavaScript Execution
    CVSS: 7.8 (High), 2020
  2. CVE
    CVE-2020-35931: (PDF) Evil Annotation Attack
    CVSS: 7.8 (High), 2020
  3. CVE
    CVE-2020-9592: (PDF) Shadow Attack
    CVSS: 7.8 (High), 2020
  4. CVE
    CVE-2020-9596: (PDF) Shadow Attack
    CVSS: 7.8 (High), 2020

2018

  1. CVE
    CVE-2018-16042: (PDF) Universal Signature Forgery
    2018
  2. CVE
    CVE-2018-18688: (PDF) Incremental Saving Attack
    2018
  3. CVE
    CVE-2018-18689: (PDF) Signature Wrapping Attack
    2018

2015

  1. Pyoidc
    (OpenID Connect) Pyoidc.
    2015
  2. Nimbus
    (OpenID Connect) Nimbus OAuth 2.0 SDK with OpenID Connect Extensions | Connect2id
    2015

2014

  1. CVE
    CVE-2014-2048: (OpenID) Identity Spoofing in ownCloud
    2014
  2. CVE
    CVE-2014-8249: (OpenID) Identity Spoofing
    2014
  3. CVE
    CVE-2014-8250: (OpenID) Identity Spoofing
    2014
  4. CVE
    CVE-2014-8251: (OpenID) Identity Spoofing
    2014
  5. CVE
    CVE-2014-8252: (OpenID) Identity Spoofing
    2014
  6. CVE
    CVE-2014-8253: (OpenID) Identity Spoofing
    2014
  7. CVE
    CVE-2014-8254: (OpenID) Identity Spoofing
    2014
  8. CVE
    CVE-2014-8265: (OpenID) Identity Spoofing
    2014
  9. CVE
    CVE-2014-8411: (XML) XE DoS in OpenNebula
    2014
  10. CVE
    CVE-2014-1475: (OpenID) Identity Spoofing in Drupal
    2014
  11. Slashdot
    (OpenID) Security Report: Thanks to Christian Mainka and Vladislav Mladenov - Slashdot
    Jul 2014