18 matches found
EUVD-2026-39791
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...
CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...
CVE-2026-53722
CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where did not validate URL schemes bound to its to or href before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...
CVE-2026-10856
CVE-2026-10856 concerns an open redirect in the MISP dashboard button widget due to a URL validation flaw. A crafted relative-looking URL could be accepted as a local path while browsers treat it as an external URL, especially when paths begin with /\ and browsers normalize backslashes to slashes...
CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...
GHSA-7GMJ-H9XC-MCXC mailparser vulnerable to Cross-site Scripting
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-XXXX-Meru-Shell-OpenExternal-RCE
CVE-2026-XXXXX: Arbitrary URL Scheme Execution in Meru Gmail...
Path Traversal
clearml is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic and hard links in the safeextract function, which allows an attacker to write files outside the intended directory and potentially achieve remote code execution...
PT-2024-39514 · WordPress · Pdf Image Generator
Name of the Vulnerable Software and Affected Versions: PDF Image Generator plugin for WordPress versions up to, and including, 1.5.6 Description: The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escapi...
Important: emacs
Issue Overview: In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. CVE-2024-30204 In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode...
AZL-42925 CVE-2024-39331 affecting package emacs for versions less than 29.4-1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
UBUNTU-CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
PT-2024-4296
Name of the Vulnerable Software and Affected Versions Emacs versions prior to 29.4 Org Mode versions prior to 9.7.5 Description The issue arises from the expansion of a %... link abbrev by the org-link-expand-abbrev function in lisp/ol.el, even when it specifies an unsafe function like...
CVE-2022-40290
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users...
CVE-2022-22262
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
DEBIAN-CVE-2021-37746
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
rpm 后置链接漏洞
rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query, and update packages on Linux systems. A security vulnerability exists in rpm that stems from not performing unsafe symbolic link checks on intermediate directories. An attacker exploiting this...
PYSEC-2018-18
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...