
9 matches found

NVD
added last week · 8 views

CVE-2026-44022

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, the LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...

CVSS 5.5 · EPSS 0.00163
Exploits: 0 · References: 2
CVE
added last week · 28 views

CVE-2026-44022

Docling’s LaTeX backend (versions 2.73.0–2.91.0) fails to validate path containment for \includegraphics, \input, and \include commands, enabling path traversal to read arbitrary files accessible to the process and potentially embed sensitive data in converted output. The root cause is insufficient ...

CVSS 5.5 · AI score 6 · EPSS 0.00163
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2026/06/03 9:14 p.m. · 7 views

GHSA-2J5P-7P5M-CVQR Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Impact: The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., ../../../etc/passwd) to: - Read arbitrary files from the file system accessible to the...

CVSS 5.5 · AI score 5.9 · EPSS 0.00163
Exploits: 0 · References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. · 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001046 advisory. The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service ho...

CVSS 5.2 · AI score 6.9 · EPSS 0.01102
Exploits: 1 · References: 13
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-15609

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.01971
Exploits: 0 · References: 3
RedhatCVE
added 2025/07/23 7:3 a.m. · 10 views

CVE-2025-24938

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high-privileged access (administrator) to the application has the potential to execute commands on the operating system under the context of the webserver. The vulnerable...

CVSS 8.4 · AI score 7.4 · EPSS 0.00303
Exploits: 0 · References: 1
Positive Technologies
added 2023/03/27 12:0 a.m. · 6 views

PT-2023-8668 · Unknown · Mailsherlock

Name of the Vulnerable Software and Affected Versions: MailSherlock (affected versions not specified). Description: The issue is related to insufficient filtering for user input in the MailSherlock query function for connection logs. This allows an authenticated remote attacker with administrator...

CVSS 8.3 · AI score 7 · EPSS 0.00928
Exploits: 0 · References: 3
CVE
added 2009/03/30 10:0 p.m. · 83 views

CVE-2009-1171

The vulnerability CVE-2009-1171 affects Moodle’s TeX filter in Moodle 1.6 (before 1.6.9+), 1.7 (before 1.7.7+), 1.8 (before 1.8.9), and 1.9 (before 1.9.5). A user-assisted attacker can cause LaTeX to read and include arbitrary files by crafting an input command within a "$${...}$" sequence. This l...

CVSS 4.3 · AI score 7.3 · EPSS 0.06237
Exploits: 1 · References: 14 · Affected Software: 1
CERT
added 2002/04/02 12:0 a.m. · 257 views

ibrow NewsDesk does not securely handle input passed to open()

Overview: A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description: ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...

CVSS 5 · AI score 6.7 · EPSS 0.05558
Exploits: 1 · References: 9