36179 matches found
CVE-2026-44023
Docling Core (docling-core) versions >= 1.5.0 and = 2.74.1 is recommended. If upgrading isn’t immediately possible, a workaround is to avoid passing untrusted URLs into remote fetch functionality. There is no exploitation detail in the provided documents, and no in‑the‑wild exploit information...
CVE-2026-44019
Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...
CVE-2026-15352
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-15352
CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...
EUVD-2026-45022
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-15352
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-62994
CoreDNS vulnerability CVE-2026-62994 affects the Go-based DNS server in versions 1.9.4 through 1.14.5. When a network DNS client uses AXFR for a CoreDNS zone and CoreDNS is configured with the k8s_external headless-service zone transfers feature, and Kubernetes contains a headless service endpoin...
ROOT-APP-MAVEN-CVE-2025-52999 CVE-2025-52999 in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root
Root has patched CVE-2025-52999 in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-GHSA-72HV-8253-57QQ GHSA-72hv-8253-57qq in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root
Root has patched GHSA-72hv-8253-57qq in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root
Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...
WordPress Core <6.5.2 - Cross-Site Scripting
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
Apache Tika - XML External Entity Injection
Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...
ROOT-APP-MAVEN-CVE-2026-1225 CVE-2026-1225 in io.root.ch.qos.logback:logback-core - Patched by Root
Root has patched CVE-2026-1225 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-12798 CVE-2024-12798 in io.root.ch.qos.logback:logback-core - Patched by Root
Root has patched CVE-2024-12798 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54285 CVE-2026-54285 in @rootio/opentelemetry__core - Patched by Root
Root has patched CVE-2026-54285 in the @rootio/opentelemetrycore package for Root:npm. Multiple fixed versions available...
NASA Core Flight System (cFS) Health & Safety (HS) Application
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...