Docling: Unsafe URI and Path Handling in HTML Backend
Impact: The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable_local_fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...
CVE-2026-0954
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially craft...
PT-2025-53606
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.0.0 Description: n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...
SUSE CVE-2025-68266
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...
UBUNTU-CVE-2025-68266
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...
CVE-2025-57774
There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-57778
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...
CVE-2025-57777
CVE-2025-57777 is a vulnerability in Digilent DASYLab caused by an out-of-bounds write in displ2.dll while parsing DSB files. The flaw can lead to arbitrary code execution and requires a user to open a specially crafted DSB file. Multiple connected sources (ZDI-25-890, NVD/NVD citation, RH) confi...
CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in OS command injection. It is possible to initiate...
USN-7704-2 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network...
CVE-2025-49619
Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...
PT-2024-16325 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.1.0 Description: A critical issue has been found, affecting the add/edit function of the file www/coreframe/app/content/admin/block.php. This leads to code injection and can be exploited remotely. The issue has been publicl...
PT-2024-7483 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified) Description: The issue is related to errors in privilege management within the Common Log File System (CLFS) driver of Microsoft Windows operating systems. It allows an attacker to potentially...
Transmission has unspecified vulnerabilities
Transmission is an open source BitTorrent client application. The program mainly provides features such as file downloads. A security vulnerability exists in Transmission versions prior to 1.92, which can be exploited by attackers to prevent file downloads...
Cisco FirePower series firewall vulnerability that allows malware to bypass detection - vulnerability warning - the black bar safety net
Cisco FirePower series firewall devices have a security vulnerability that allows malware to bypass detection mechanisms. Cisco is working to issue a security update for a critical vulnerability, CVE-2016-1345. The vulnerability affects one of Cisco's latest products, FirePower...
PT-2012-4683 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.1.x through 2.1.6 Moodle versions 2.2.x through 2.2.3 Description: The issue allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block, due to improper restriction of fil...