72 matches found
CVE-2026-44020
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...
CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...
CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...
CVE-2026-44020
Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...
XML Entity Expansion
Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML Entity Expansion in backend/xml/usptobackend.py's use of parseStrin...
GHSA-M88R-RG27-5XFG Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
PT-2026-46101
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
PT-2026-46121
Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.74.0 Description The USPTO patent XML parser uses the xml.sax.parseString function without protection against XML External Entity XXE attacks. This allows an attacker to use malicious XML files with external entity...
GNU Privacy Guard 2.5.20
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
GNU Privacy Guard 2.5.18
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
A week in security (February 16 – February 22)
Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents ...
Meta patents AI that could keep you posting from beyond the grave
Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...
GNU Privacy Guard 2.4.9
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
[SECURITY] Fedora 43 Update: libpng-1.6.53-1.fc43
The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...
AccuKnox Awarded Patent for Runtime Security of Kernel Events
Menlo Park, United States, 26th August 2025, CyberNewsWire...
WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...
Google Eyes User Browsing Data Search in New Patent Filing
Tech giant Google may soon help users find content they've previously seen, not by searching the web but by scanning their own digital history...
Ford wants to eavesdrop on passenger conversations to help target ads
Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication...
New Patent Application for Car-to-Car Surveillance
Ford has a new patent application for a system where cars monitor each others speeds, and then report then to some central authority. Slashdot thread...