CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

PT-2026-46249

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine depth...

OPENSUSE-SU-2026:10941-1 trivy-0.71.0-1.1 on GA media

These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-34213

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

CVE-2026-34213

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

EUVD-2026-22754

Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...

EUVD-2019-0799

Malware in sbrugna...

Poppler null pointer dereference vulnerability (CNVD-2019-09120)

Poppler is based on xpdf-3.0 code base PDF rendering library. A null pointer dereference vulnerability exists in goo/GooString.h in Poppler 0.71.0, which can be exploited by an attacker to cause a denial of service...

DEBIAN-CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file...

PT-2018-3848 · Poppler +5 · Poppler +5

Name of the Vulnerable Software and Affected Versions: Poppler version 0.71.0 Description: The issue is related to a memory leak in the GfxState.cc component of the Poppler library, which is used for displaying PDF files. This memory leak occurs due to a resource not being released after its vali...