Lucene search
K

1189 matches found

RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-9F4Q-Q82Q-4359 Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/11 5:19 p.m.10 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.13 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.10 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

5.8AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.8 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

5.8AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39633

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

5.8AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.31 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 12:0 a.m.25 views

CVE-2026-31248

CVE-2026-31248 affects Docling's METS GBS backend up to version 2.61.0. The backend parses XML from .tar.gz archives using etree.fromstring() without disabling entity resolution, enabling XML Entity Expansion (XXE) via nested entity definitions (XML Bomb). Processing such a crafted XML can cause ...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.8 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

5.8AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 4:59 p.m.12 views

JLSEC-2026-468

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.5 views

svgo: SVGO: Denial of Service via XML entity expansion

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

7.5CVSS7.2AI score0.00612EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.13 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS7.1AI score0.01402EPSS
Exploits7References15
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.22 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:13512)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13512 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.8CVSS7.6AI score0.01402EPSS
Exploits7References28
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 1:6 p.m.12 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

9.8CVSS7.4AI score0.00978EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2026/04/26 1:19 p.m.9 views

EUVD-2018-21802

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.5 views

CVE-2018-25282 Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:19 p.m.5 views

CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/22 12:32 p.m.9 views

CLSA-2026-1776861173 python3: Fix of CVE-2022-48565

CVE-2022-48565: plistlib: reject XML entity declarations in plist files to prevent XXE attacks...

9.8CVSS7.3AI score0.04268EPSS
Exploits3References1
Rows per page
Query Builder