31 matches found
CVE-2026-44520
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...
CVE-2026-44520
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...
CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...
CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...
CVE-2026-44520
Docling-Graph.js: The SSRF flaw arises in URLInputHandler, where URLs from untrusted sources are fetched without IP-level validation. Prior to version 1.5.1, the URLValidator only checked scheme and netloc, not private/loopback/link-local addresses, and requests.head() allowed redirects, enabling...
docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...
Server-side Request Forgery (SSRF)
Overview docling-graph is an A tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...
GHSA-FQPH-J6V6-JVGX docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...
PT-2026-38412
Name of the Vulnerable Software and Affected Versions Docling-Graph versions prior to 1.5.1 Description The URLInputHandler class in docling graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating if the target resolves to a private, loopback, or link-local IP...
CVE-2026-34459 Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: appletbkbd: fixed memory corruption of inputhandlerlist In appletbkbdprobe, an input handler is initialized and then registered with the input core through inputregisterhandler. When this occurs, the input core adds the inpu...
CVE-2019-25595 jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causin...
CVE-2019-25595 jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causin...
SUSE CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
EUVD-2025-205087
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
UBUNTU-CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
EUVD-2025-22609
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix memory corruption of inputhandlerlist In appletbkbdprobe an input...