Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-CR42-RG2M-MQ4Q Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 4:17 p.m.13 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.34 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

0.00351EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/04/03 12:0 a.m.34 views

Fedora: Security Advisory for pandoc (FEDORA-2022-1f981071eb)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.04192EPSS
Exploits3References2
Rows per page
Query Builder