Lucene search
K

9 matches found

Snyk
Snyk
added 2026/05/07 3:15 a.m.12 views

Server-side Request Forgery (SSRF)

Overview docling-graph is an A tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...

6.9CVSS5.8AI score0.00188EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/28 6:17 p.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/28 6:17 p.m.5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/28 6:17 p.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/02 8:44 a.m.3 views

Numeric Truncation Error

Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...

6.5CVSS6.9AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/09 9:21 p.m.4 views

Deserialization of Untrusted Data

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickleoperations function, which use pickle.loads. An attacker can execute arbitrary code by supplying crafted serialized data that is deserialized...

8.8CVSS7.6AI score0.00602EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-22742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform...

5.9CVSS5.7AI score0.0058EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/10 12:0 a.m.8 views

PT-2025-32460 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0 Description: A cross-site scripting issue exists in Portabilis i-Diario. The issue affects an unknown functionality of the /registros-de-conteudos-por-disciplina/ file within the Registro das atividade...

5.1CVSS6.5AI score0.00264EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2022/12/27 12:0 a.m.3 views

PT-2022-8298 · Unknown · Iet-Ou Open Media Player

Name of the Vulnerable Software and Affected Versions: IET-OU Open Media Player versions up to 1.5.0 Description: A vulnerability was found in the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml url leads to cross-site scripting. The attack...

5.4CVSS4.2AI score0.00549EPSS
Exploits0References11
Rows per page
Query Builder