23 matches found
CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...
PT-2026-46249
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine depth...
OPENSUSE-SU-2026:10941-1 trivy-0.71.0-1.1 on GA media
These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-34213
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
EUVD-2026-22756
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
EUVD-2026-22754
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...
PT-2026-32930
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...
PT-2026-32931
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
EUVD-2019-0799
Malware in sbrugna...
Race Condition within a Thread
Overview: zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Race Condition within a Thread in the ServiceConnectorRegistry class in serviceconnectorregistry.py, causing errors that block access to certain service connector types when concurrent...
RubyGem excon Input Validation Error Vulnerability
RubyGem excon is an HTTP server for Ruby applications. A security vulnerability exists in RubyGem excon versions prior to 0.71.0. An attacker can exploit the vulnerability to disclose information...
GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data
Impact: There was a race condition around persistent connections, where a connection which is interrupted, such as by a timeout, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...
Poppler null pointer dereference vulnerability (CNVD-2019-09120)
Poppler is a PDF rendering library based on the xpdf-3.0 code base. A null pointer dereference vulnerability exists in goo/GooString.h in Poppler 0.71.0, which can be exploited by an attacker to cause a denial of service...
DEBIAN-CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file...
CVE-2018-19060
CVE-2018-19060 is reported in Poppler 0.71.0 as a NULL pointer dereference in goo/GooString.h that leads to denial of service when pdfdetach does not validate an embedded file’s filename before saving. Connected advisories enumerate Poppler-related issues across multiple vendors (e.g., MiracleLin...
PT-2018-14774 · Poppler +4
Name of the Vulnerable Software and Affected Versions: Poppler version 0.71.0. Description: The issue is related to a NULL pointer dereference in the goo/GooString.h file. This can lead to a denial of service. The problem arises when the filename of an embedded file is not validated before...
UBUNTU-CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file...
CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path...