142 matches found
CVE-2026-57247
The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing...
CVE-2026-44022
A flaw was found in Docling, a tool for document processing. The LaTeX backend, responsible for handling commands like \includegraphics, \input, and \include, lacked proper validation for file paths. This vulnerability allows an attacker to craft a malicious LaTeX document containing path travers...
EUVD-2026-39791
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...
EUVD-2026-39790
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...
GO-2026-5060 Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg
Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg...
SUSE-SU-2026:2234-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service bsc1265359. - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs bsc1265154...
Astra Linux – Vulnerability in qpdf
In QPDF 8.2.1, within libqpdf/QPDFWriter.cc, the functions QPDOrWriter::unparseObject and QPDOrWriter::unparseChild contain recursive calls that last for a long time. This allows remote attackers to cause a denial of service by using a crafted PDF file...
Excessive Iteration
Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration in the incremental mode for PDF processing. An attacker can cause excessive resource consumption and...
Across DR-810 安全漏洞
Across DR-810 is an enterprise-level software system developed by the Across company, designed for automating document processing and translation processes. There is a security vulnerability in Across DR-810, which stems from improper access control mechanisms, potentially leading to the leakage ...
CVE-2026-26338
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery SSRF through the document processing functionality...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26338
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery SSRF through the document processing functionality...
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26338
The CVE-2026-26338 entry pertains to Hyland Alfresco Transformation Service. The connected documents confirm an unauthenticated server-side request forgery (SSRF) via the service’s document processing functionality. The root cause, affected component, and explicit exploit details are not enumerat...
CVE-2026-26338 Hyland Alfresco Transformation Service SSRF
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery SSRF through the document processing functionality...
CVE-2026-26338 Hyland Alfresco Transformation Service SSRF
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery SSRF through the document processing functionality...
PT-2026-20878
Name of the Vulnerable Software and Affected Versions Hyland Alfresco Transformation Service affected versions not specified Description The Hyland Alfresco Transformation Service contains a flaw that enables unauthenticated attackers to execute code remotely. This issue stems from an argument...
Hyland Alfresco Transformation Service 安全漏洞
The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from parameter injection in the document processing function. This vulnerability may...
PT-2026-20877
Name of the Vulnerable Software and Affected Versions Hyland Alfresco Transformation Service affected versions not specified Description An unauthenticated attacker can perform server-side request forgery SSRF via the document processing functionality. SSRF occurs when an application makes reques...