5 matches found
GHSA-M88R-RG27-5XFG Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pygments (UTSA-2026-017493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017493 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponentia...
CVE-2026-24515
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
CLSA-2025-1752059462 Update of ca-certificates
update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Entrust Root Certification Authority" - Certificate "AffirmTrust Commercial" - Certificate "AffirmTrust Networking" - Certificate "AffirmTrust Premium" - Certificate...
CVE-2023-50550
layui up to v2.74 was discovered to contain a cross-site scripting XSS vulnerability via the data-content parameter...