|
811
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, the LaTeX backend's handling of \includegraphic…
New
|
CWE-22
Path Traversal
|
CVE-2026-44022
|
2026-06-26 01:10 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
- |
|
-
|
-
|
concurrent-ruby provides modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is cau…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-54904
|
2026-06-26 01:10 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
- |
|
-
|
-
|
concurrent-ruby provides modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The…
New
|
CWE-128
|
CVE-2026-54905
|
2026-06-26 01:10 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
- |
|
-
|
-
|
concurrent-ruby provides modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with a…
New
|
CWE-414, CWE-667
Missing Lock Check, Improper Locking
|
CVE-2026-54906
|
2026-06-26 01:10 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
8.2 |
HIGH
Network
|
-
|
-
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. In versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly con…
New
|
CWE-94, CWE-918
Code Injection, Server-Side Request Forgery (SSRF)
|
CVE-2026-44016
|
2026-06-26 01:10 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal serv…
New
|
CWE-184, CWE-918
Incomplete Blacklist, Server-Side Request Forgery (SSRF)
|
CVE-2026-53944
|
2026-06-26 01:07 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53948
|
2026-06-26 01:07 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private…
New
|
CWE-200, CWE-693
Information Exposure, Protection Mechanism Failure
|
CVE-2026-53949
|
2026-06-26 01:07 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
7.5 |
HIGH
Network
|
-
|
-
|
@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised Activ…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53950
|
2026-06-26 01:07 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Jellyfin is an open source self-hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary JavaScript in the context o…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-49220
|
2026-06-26 01:06 |
2026-06-25 |
|
GitHub
Exploit DB
Packet Storm
|
|
|