114 matches found
GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable_local_fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...
Astra Linux - vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...
Astra Linux - vulnerability in ffmpeg5
A flaw was discovered in FFmpeg’s HLS demuxer. This vulnerability allows bypassing checks for unsafe file extensions and triggering arbitrary demuxers using base64-encoded data URIs, along with specific file extensions...
Astra Linux - vulnerability in lxml
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
Astra Linux - vulnerability in ruby-rails-html-sanitizer
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
SUSE CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
nbconvert path traversal vulnerability
nbconvert is a format conversion library from the Jupyter organization. It converts Jupyter .ipynb notebook files into other static formats, including HTML, LaTeX, PDF, Markdown, etc. Version 6.5 to 7.17.0 of nbconvert has a path traversal vulnerability. This vulnerability arises when...
tpAdmin 1.3.12 Shell Upload
tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...
CVE-2019-16763
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...
JLSEC-2025-146 A flaw was found in FFmpeg's HLS demuxer
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
EUVD-2018-0762
Malware in sbrugna...
EUVD-2009-4331
Malware in sbrugna...
EUVD-2009-2994
Malware in sbrugna...
EUVD-2021-1936
Malware in sbrugna...
EUVD-2009-2996
Malware in sbrugna...
EUVD-2009-2997
Malware in sbrugna...
EUVD-2009-3001
Malware in sbrugna...
EUVD-2011-2592
Malware in sbrugna...
EUVD-2022-7685
Malicious code in bioql PyPI...
DEBIAN-CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...