Lucene search
K

72 matches found

NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:45 p.m.30 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 5:45 p.m.6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS6AI score0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:45 p.m.52 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/03 9:14 p.m.14 views

XML Entity Expansion

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML Entity Expansion in backend/xml/usptobackend.py‎'s use of parseStrin...

9.4CVSS5.5AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 9:14 p.m.7 views

GHSA-M88R-RG27-5XFG Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

7.5CVSS6AI score0.00334EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:14 p.m.19 views

Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

9.4CVSS6AI score0.00334EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46101

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

7.5CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46121

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.74.0 Description The USPTO patent XML parser uses the xml.sax.parseString function without protection against XML External Entity XXE attacks. This allows an attacker to use malicious XML files with external entity...

7.5CVSS5.9AI score0.00334EPSS
Exploits0References11
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.13 views

GNU Privacy Guard 2.5.20

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.5 views

GNU Privacy Guard 2.5.18

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/23 8:2 a.m.6 views

A week in security (February 16 – February 22)

Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents ...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/19 11:16 a.m.9 views

Meta patents AI that could keep you posting from beyond the grave

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/02 12:0 a.m.3 views

GNU Privacy Guard 2.4.9

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

6.9AI score
Exploits0
Fedora
Fedora
added 2025/12/14 1:1 a.m.8 views

[SECURITY] Fedora 43 Update: libpng-1.6.53-1.fc43

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

7.1CVSS6.6AI score0.00299EPSS
Exploits2
HackRead
HackRead
added 2025/08/26 12:10 p.m.4 views

AccuKnox Awarded Patent for Runtime Security of Kernel Events

Menlo Park, United States, 26th August 2025, CyberNewsWire...

7.3AI score
Exploits0
Patchstack
Patchstack
added 2025/06/05 12:12 a.m.11 views

WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...

4.3CVSS6.6AI score0.0014EPSS
Exploits0Affected Software1
HackRead
HackRead
added 2025/04/10 5:54 p.m.8 views

Google Eyes User Browsing Data Search in New Patent Filing

Tech giant Google may soon help users find content they've previously seen, not by searching the web but by scanning their own digital history...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/09/13 4:9 p.m.6 views

Ford wants to eavesdrop on passenger conversations to help target ads

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/05 11:7 a.m.7 views

New Patent Application for Car-to-Car Surveillance

Ford has a new patent application for a system where cars monitor each others speeds, and then report then to some central authority. Slashdot thread...

7.3AI score
Exploits0
Rows per page
Query Builder