GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

PT-2026-44729

Name of the Vulnerable Software and Affected Versions compliance-trestle version 4.0.2 Description The profile import mechanism in the compliance-trestle library fails to perform boundary checks when resolving trestle:// URIs and relative file paths. By joining these paths with trestle root and...

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

SailingLab AppLock 安全漏洞

SailingLab AppLock is a mobile application privacy protection tool developed by SailingLab. It supports features such as app locking, PIN verification, and fingerprint unlocking. Version 4.3.8 of SailingLab AppLock contains a security vulnerability. This vulnerability stems from the...

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

Important: php8.5

Issue Overview: uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer difference truncation to int in various places. CVE-2026-44927 In uriparser before 1.0.2, t...

PT-2026-43381

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

Astra Linux - уязвимость в ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...

CVE-2026-7504

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...

GHSA-5RV5-XJ5J-3484 Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping

Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...

EUVD-2026-30569

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

PT-2026-41322

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

UBUNTU-CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

PT-2026-38682

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.2 Description The function family EqualsUri can misclassify two unequal URIs as equal. Recommendations Update to version 1.0.2 or later. As a temporary workaround, restrict the use of the EqualsUri function unti...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mako vulnerability (USN-8234-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8234-1 advisory. It was discovered that Mako incorrectly handled URIs with double-slash prefixes in...