134 matches found
Docling: Unsafe URI and Path Handling in HTML Backend
Impact: The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable_local_fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: mfd: davinci_voicecodec: Fixed a possible null-ptr-deref issue in davinci_vc_probe. This issue could lead to a null-ptr-deref when using ‘res’. If platform_get_resource returns NULL, moving using ‘res’ after devm_ioremap_resource will preve...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: A possible null-ptr-deref issue has been fixed in cadence_nand_dt_probe. This issue could lead to a null-ptr-deref when using ‘res’. If platform_get_resource returns NULL, moving using ‘res’ after...
CVE-2026-43469
A flaw was found in the Linux kernel's xprtrdma component. This vulnerability occurs when the rpcrdma_post_recvs function fails to create a work request or exits prematurely, leading to the re_receiving counter not being decremented. This improper resource handling can cause the system to hang...
Astra Linux - vulnerability in ffmpeg
A Denial of Service issue in FFmpeg 4.2 occurs due to resource management errors in the fftools/cmdutils.c file...
CVE-2026-22745
The vulnerability is in the Spring Framework’s static resource resolution when serving file-system backed resources in Spring MVC/WebFlux apps on Windows. Affected component: org.springframework:spring-core. Under the conditions that the app uses Spring MVC or Spring WebFlux, serves static resour...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014346)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014346 advisory. In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizer...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013180)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013180 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a hif_mspi nor msp...
CVE-2026-6604
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
CVE-2026-23284
A flaw was found in the Linux kernel's mtk_eth_soc driver. This vulnerability occurs when an error in the mtk_open routine within mtk_xdp_setup leads to an incorrect reset of the eBPF (Extended Berkeley Packet Filter) program pointer without properly decreasing its reference count. This improper resourc...
CVE-2026-23305
A flaw was found in the accel/rocket component of the Linux kernel. This vulnerability arises from improper error handling during the unwinding process in the rocketprobe function. When the rocketcoreinit function fails, the system does not correctly manage resources, leading to out-of-bounds...
CVE-2026-23186
In the Linux kernel, the following vulnerability has been resolved: hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify The acpi_power_meter driver's .notify callback function, acpi_power_meter_notify, calls hwmon_device_unregister under a lock that is also acquired by callbacks in sysfs...
Denial-of-Service (DoS)
React Server Components packages are vulnerable to Denial-of-Service (DoS). The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992988)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992988 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platform_get_resource It will cause null-ptr-deref ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992497)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992497 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platform_get_resource It will cause null-ptr-deref ...
Linux Distros Unpatched Vulnerability : CVE-2023-53991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system because th...
CVE-2023-53814 PCI: Fix dropping valid root bus resources with .end = zero
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: 1 new suspected memory leaks see /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 size 64: comm...
Important: tigervnc
Issue Overview: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potential...
ROS-20251106-06
Vulnerabilities in Asterisk management systems are related to improper management of internal resources of the application. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989639 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe It will cause null-ptr-deref wh...