CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/14 4:56 p.m.•9 views

CVE-2026-44520

Docling-Graph.js: The SSRF flaw arises in URLInputHandler, where URLs from untrusted sources are fetched without IP-level validation. Prior to version 1.5.1, the URLValidator only checked scheme and netloc, not private/loopback/link-local addresses, and requests.head() allowed redirects, enabling...

Vulnrichment•added 2026/05/14 4:56 p.m.•3 views

CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler

Cvelist•added 2026/05/14 4:56 p.m.•27 views

CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler

5.7CVSS0.00029EPSS

EUVD•added 2026/05/14 4:56 p.m.•2 views

EUVD-2026-30340

OSV•added 2026/05/07 3:15 a.m.•5 views

GHSA-FQPH-J6V6-JVGX docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...

Github Security Blog•added 2026/05/07 3:15 a.m.•6 views

Exploits0References4

docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/07 12:0 a.m.•6 views

PT-2026-38412

Name of the Vulnerable Software and Affected Versions Docling-Graph versions prior to 1.5.1 Description The URLInputHandler class in docling graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating if the target resolves to a private, loopback, or link-local IP...

Github Security Blog•added 2026/05/06 8:47 p.m.•8 views

Exploits0References6

phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

6AI score

Exploits0References2Affected Software2

Vulnrichment•added 2026/04/08 6:26 p.m.•3 views

CVE-2026-35400 LORIS incorrectly trusts user input in publication module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...

3.5CVSS6AI score0.00044EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30014

Summary Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body...

7.5CVSS6AI score0.00065EPSS

Exploits1References4

CVE•added 2026/03/22 1:38 p.m.•1 views

CVE-2019-25595

CVE-2019-25595 affects jetAudio 8.1.7.20702 Basic. The vulnerability is a denial-of-service in the URL input handler: feeding an excessively long string (e.g., a 5000-character buffer) can crash the application. This is a local attack with no user interaction beyond opening the URL dialog. The av...

6.9CVSS6AI score0.00017EPSS

Exploits0References4

NVD•added 2026/03/22 1:16 a.m.•1 views

CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9CVSS0.00021EPSS

Exploits1References4

Snyk•added 2026/03/10 6:41 p.m.•2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.001EPSS

Snyk•added 2026/03/10 6:41 p.m.•2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit ...

8.7CVSS5.8AI score0.001EPSS

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10441

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS5.8AI score0.0005EPSS

Exploits0References3

Vulnrichment•added 2026/03/10 12:17 a.m.•1 views

CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

6.1CVSS5.8AI score0.0005EPSS

Cvelist•added 2026/03/10 12:17 a.m.•24 views

CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

6.1CVSS0.0005EPSS