Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 3:45 p.m.8 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/24 5:48 p.m.7 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS6.7AI score0.00478EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 9:15 p.m.6 views

agent-context-packager (>=0.3.0 <=0.3.3), agentcrew-ai (>=0.6.0 <=0.6.11.post2) +237 more potentially affected by CVE-2026-47214 via docling (>=1.11.0 <=2.93.0)

docling PYPI version =1.11.0, =0.3.0, =0.6.0, =0.1.4, =0.3.2, =0.2.5, =0.4.0, =0.2.0, =26.5.333, =1.0.0, =0.0.2, =0.1.0, =1.0.3, =2.0.3 and more Source cves: CVE-2026-47214 Source advisory: OSV:GHSA-Q29V-XC37-WH5M...

7.1CVSS5.7AI score0.00217EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 9:15 p.m.12 views

External Control of File Name or Path

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to External Control of File Name or Path in backend/htmlbackend.py‎, which ...

7.1CVSS5.5AI score0.00217EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 9:14 p.m.7 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44022 via docling (>=2.73.1 <=2.90.0)

docling PYPI version =2.73.1, =0.1.0, =0.30.1, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44022 Source advisory: OSV:GHSA-2J5P-7P5M-CVQR...

5.5CVSS5.7AI score0.00163EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 9:14 p.m.8 views

haiku-rag (>=0.19.2 <=0.33.0), iatoolkit (>=1.40.0 <=1.42.0) +19 more potentially affected by CVE-2026-44020 via docling (>=2.17.0 <=2.73.1)

docling PYPI version =2.17.0, =0.19.2, =1.40.0, =0.1.0, =0.2.1, =0.6.1, =0.4.0, =1.0.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-44020 Source advisory: SNYK:PYTHON-DOCLING-17151850...

9.4CVSS5.7AI score0.00334EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 9:13 p.m.8 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.2.4, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: SNYK:PYTHON-DOCLING-17151841...

7.1CVSS5.7AI score0.00113EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 9:13 p.m.7 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.2.4, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

7.1CVSS5.7AI score0.00113EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 9:13 p.m.13 views

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

7.1CVSS5.5AI score0.00113EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/06/03 9:9 p.m.8 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: SNYK:PYTHON-DOCLING-17151857...

8.2CVSS5.7AI score0.00384EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 9:9 p.m.6 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: OSV:GHSA-PJ2V-GGQH-CMQ2...

8.2CVSS5.7AI score0.00384EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 8:2 p.m.8 views

agent-context-packager (>=0.3.0 <=0.3.3), agentcrew-ai (>=0.6.0 <=0.6.11.post2) +236 more potentially affected by CVE-2026-44017 via docling (>=1.11.0 <=2.90.0)

docling PYPI version =1.11.0, =0.3.0, =0.6.0, =0.1.4, =0.3.2, =0.2.5, =0.4.0, =0.2.0, =26.5.333, =0.0.2, =0.1.0, =1.0.3, =1.0.0, =1.0.3 and more Source cves: CVE-2026-44017 Source advisory: OSV:GHSA-CJQG-RQ2H-2FVJ...

8.3CVSS5.7AI score0.00478EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 8:2 p.m.11 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip in easyocrmodel.py...

8.3CVSS6.1AI score0.00478EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/11 6:31 p.m.19 views

agent-context-packager (>=0.3.0 <=0.3.3), agentcrew-ai (>=0.6.0 <=0.6.11.post2) +229 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.3.0, =0.6.0, =0.1.4, =0.3.2, =0.2.5, =0.4.0, =0.2.0, =26.5.333, =0.0.2, =1.0.3, =1.0.0, =1.0.3 - bidkit-parser =0.1.0 and more Source cves: CVE-2026-31248 Source advisory: OSV:GHSA-9F4Q-Q82Q-4359...

7.5CVSS5.7AI score0.00278EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 6:31 p.m.10 views

agent-context-packager (>=0.3.0 <=0.3.3), agentcrew-ai (>=0.6.0 <=0.6.11.post2) +229 more potentially affected by CVE-2026-31247 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.3.0, =0.6.0, =0.1.4, =0.3.2, =0.2.5, =0.4.0, =0.2.0, =26.5.333, =0.0.2, =1.0.3, =1.0.0, =1.0.3 - bidkit-parser =0.1.0 and more Source cves: CVE-2026-31247 Source advisory: OSV:GHSA-CR42-RG2M-MQ4Q...

7.5CVSS5.7AI score0.00351EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 5:19 p.m.6 views

agent-context-packager (>=0.3.0 <=0.3.3), agentcrew-ai (>=0.6.0 <=0.6.11.post2) +236 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.90.0)

docling PYPI version =1.11.0, =0.3.0, =0.6.0, =0.1.4, =0.3.2, =0.2.5, =0.4.0, =0.2.0, =26.5.333, =0.0.2, =0.1.0, =1.0.3, =1.0.0, =1.0.3 and more Source cves: CVE-2026-31248 Source advisory: SNYK:PYTHON-DOCLING-16757932...

7.5CVSS5.7AI score0.00278EPSS
Exploits0
Rows per page
Query Builder