
10 matches found

OSV
added yesterday | 3 views

GHSA-J5XP-7M2F-49JV Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 3
Github Security Blog
added yesterday | 5 views

Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/10 6:28 p.m. | 0 views

GO-2026-4578 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver

openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver...

CVSS 6.4 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6
ATTACKERKB
added 2026/01/29 9:2 p.m. | 2 views

CVE-2026-24845

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: ffmpeg (UTSA-2025-680631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680631 advisory. Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate ffconcat file that references an image,...

CVSS 5.5 | AI score 6.9 | EPSS 0.00121
Exploits: 0 | References: 4
Vulnrichment
added 2025/07/05 12:0 a.m. | 2 views

CVE-2023-50786

Dradis through 4.16.0 allows referencing external image resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVSS 4.1 | AI score 6.3 | EPSS 0.00164
Exploits: 0 | References: 3
Vulnrichment
added 2025/04/20 12:0 a.m. | 12 views

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

CVSS 2.9 | AI score 6.9 | EPSS 0.001
Exploits: 1 | References: 3
OSV
added 2021/08/05 9:15 p.m. | 0 views

UBUNTU-CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...

CVSS 5.5 | AI score 7 | EPSS 0.00121
Exploits: 0 | References: 4
VulnCheck KEV
added 2013/01/02 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...

CVSS 4.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1
NVD
added 2005/05/02 4:0 a.m. | 13 views

CVE-2005-0565

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...

CVSS 7.5 | AI score 7.5 | EPSS 0.01288
Exploits: 1 | References: 5