Lucene search
K

38 matches found

NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:40 a.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.7 views

CVE-2026-9646

A reflected cross-site scripting issue exists in URL handling...

6.1CVSS5.2AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.14 views

CVE-2019-25735

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46205

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References5
Hacker One
Hacker One
added 2026/05/26 5:19 a.m.21 views

curl: Mentioned unites are at the same time .Then we have to increase the bounty.

Summary: Once you done with the coding then we have to increase the bounty and then write the reviwe on the same Once we find the error then we have to submit the margin and find the events Affected version Use a language that is not susceptible to these issues. However, be careful of null byte...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/10 7:20 p.m.3 views

GHSA-C9VM-HV86-F23R justhtml includes multiple security fixes

Summary justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases. These issues have different impact levels and do not all affect the default configuration in the same way...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/04/10 12:1 p.m.6 views

RLSA-2026:7011 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

Page Replica 代码问题漏洞

Page Replica is an open-source tool for web content extraction and structured processing developed by Page Replica. Versions of Page Replica e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the parameter url in th...

6.5CVSS6.7AI score0.00206EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/20 3:8 p.m.4 views

CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7.1CVSS4.4AI score0.00308EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

elysia 安全漏洞

Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.26 contained security vulnerabilities. These vulnerabilities were caused by defects in the regular expressions used in the t.String format for handling URLs, which could lead to denial-of-service attacks due t...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23468

Name of the Vulnerable Software and Affected Versions Exploding Gradients RAGAS versions 0.2.3 through 0.2.14 Description An arbitrary file read issue exists in the ImageTextPromptValue class. This is due to insufficient validation and sanitization of URLs provided in the retrieved contexts...

7.5CVSS5.9AI score0.00534EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:0 a.m.6 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

5.9AI score0.00534EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/16 12:32 p.m.3 views

CVE-2026-2556

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...

6.5CVSS5.2AI score0.00313EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-4053:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4053:02 advisory. tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 tomcat: Late...

9.8CVSS7.7AI score0.21979EPSS
Exploits2References5
Veracode
Veracode
added 2025/11/21 8:28 a.m.7 views

Denial-of-service (DoS)

@plone/volto is vulnerable to a denial-of-service DoS. The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the NodeJS server component by simply visiting that crafted URL...

8.7CVSS6.9AI score0.00408EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2025/10/27 2:43 p.m.6 views

CLSA-2025-1761576180 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Bypassing of some rewrite rules by a specially crafted request - debian/patches/CVE-2025-31651.patch: better handling of URLs - CVE-2025-31651...

9.8CVSS7.3AI score0.0418EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/08/11 5:35 p.m.2 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.8CVSS7.3AI score0.00472EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/07/07 2:28 a.m.3 views

webkitgtk: Visiting a malicious website may lead to address bar spoofing

A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass security restrictions and spoof the user's address bar. This issue occurs when a victim is persuaded to access a specially crafted website due to improper handling of URLs...

4.3CVSS5.8AI score0.00965EPSS
Exploits0References5
OSV
OSV
added 2024/01/02 5:15 a.m.7 views

AZL-32314 CVE-2023-26159 affecting package reaper for versions less than 3.1.1-8

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...

6.1CVSS6.7AI score0.00797EPSS
Exploits1References1
Rows per page
Query Builder