74872 matches found
CVE-2026-47214
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
CVE-2026-44018
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...
CVE-2025-11919
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...
CVE-2026-9639
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...
CVE-2026-12411
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...
CVE-2026-45195
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...
CVE-2026-5757
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...
CVE-2026-21734
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
CVE-2026-57667
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
CVE-2026-57665
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
CVE-2026-57663
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...
CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
CVE-2026-57662
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57660
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
CVE-2026-57661
Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...
CVE-2026-57659
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
CVE-2026-57657
Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...
CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
CVE-2026-57656
Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...
CVE-2026-57655
Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...
CVE-2026-57654
Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...
CVE-2026-57653
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57651
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
CVE-2026-57652
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
CVE-2026-57650
Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...
CVE-2026-57648
Contributor Broken Access Control in Nelio Content = 4.3.4 versions...
CVE-2026-57649
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
CVE-2026-57646
Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...
CVE-2026-57645
newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...
CVE-2026-57644
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
CVE-2026-57643
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
CVE-2026-57642
Contributor SQL Injection in Gallery = 4.7.8 versions...
CVE-2026-57640
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57641
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
CVE-2026-57638
Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57637
Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...
CVE-2026-57635
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost - Products Compare = 1.1.0 versions...
CVE-2026-57634
Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...
CVE-2026-57632
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57630
Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...
CVE-2026-57629
Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...
CVE-2026-57628
Administrator SQL Injection in WP All Import = 4.0.1 versions...
CVE-2026-57627
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2026-57622
Subscriber Broken Access Control in WPCafe = 3.0.14 versions...
CVE-2026-57617
Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...