9 matches found
Server-side Request Forgery (SSRF)
Overview docling-graph is an A tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...
Deserialization of Untrusted Data
Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickleoperations function, which use pickle.loads. An attacker can execute arbitrary code by supplying crafted serialized data that is deserialized...
Linux Distros Unpatched Vulnerability : CVE-2023-22742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform...
PT-2025-32460 · Portabilis · Portabilis I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0 Description: A cross-site scripting issue exists in Portabilis i-Diario. The issue affects an unknown functionality of the /registros-de-conteudos-por-disciplina/ file within the Registro das atividade...
PT-2022-8298 · Unknown · Iet-Ou Open Media Player
Name of the Vulnerable Software and Affected Versions: IET-OU Open Media Player versions up to 1.5.0 Description: A vulnerability was found in the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml url leads to cross-site scripting. The attack...