Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
5.5 MEDIUM
CVE-2026-44022 — Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, the LaTeX backend's handling of \includegraphic…

docling | Path Traversal
Jun 24, 2026 Jun 26, 2026
9.4 CRITICAL
CVE-2026-44020 — Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …

docling | Remote | XML External Entity
Jun 24, 2026 Jun 30, 2026
8.3 HIGH
CVE-2026-44017 — Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP …

docling | Remote | Supply Chain
Jun 24, 2026 Jun 30, 2026
8.2 HIGH
CVE-2026-44016 — Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. In versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly con…

docling | Remote | Server-Side Request Forgery
Jun 24, 2026 Jun 30, 2026
9.8 CRITICAL
CVE-2026-54906 — concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release c…

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with a…

concurrent_ruby | Remote | Race Condition
Jun 24, 2026 Jun 26, 2026
5.5 MEDIUM
CVE-2026-54905 — concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock withou…

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The…

concurrent_ruby | Race Condition
Jun 24, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-54904 — concurrent-ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is cau…

concurrent_ruby | Remote | Race Condition
Jun 24, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54297 — Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via de…

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query par…

faraday | Remote | Denial of Service
Jun 24, 2026 Jun 30, 2026
7.8 HIGH
CVE-2026-53130 — fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START omfs_fill_super() rejects oversized s_sys_blocksize values (> PAGE_SI…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53129 — fs/mbcache: cancel shrink work before destroying the cache

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mb_cache_destroy() calls shrinker_free() and then frees all cache entr…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53128 — drbd: Balance RCU calls in drbd_adm_dump_devices()

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbd_adm_dump_devices() Make drbd_adm_dump_devices() call rcu_read_lock() before rcu_read_unlock() is …

linux_kernel | Race Condition
Jun 24, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53127 — block: fix zones_cond memory leak on zone revalidation error paths

In the Linux kernel, the following vulnerability has been resolved: block: fix zones_cond memory leak on zone revalidation error paths When blk_revalidate_disk_zones() fails after disk_revalidate_z…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53126 — blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() Add the missing put_disk() on the error path in blkcg_maybe…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53125 — md: fix array_state=clear sysfs deadlock

In the Linux kernel, the following vulnerability has been resolved: md: fix array_state=clear sysfs deadlock When "clear" is written to array_state, md_attr_store() breaks sysfs active protection s…

linux_kernel | Race Condition
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53124 — ublk: reset per-IO canceled flag on each fetch

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands …

linux_kernel | Race Condition
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53123 — md: wake raid456 reshape waiters before suspend

In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5_…

linux_kernel | Race Condition
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53122 — btrfs: fix deadlock between reflink and transaction commit when using flushoncommit

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we…

linux_kernel | Race Condition
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53121 — amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init()

In the Linux kernel, the following vulnerability has been resolved: amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init() On failure to set the epp, the function amd_pstate_epp_cpu_init() return…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53120 — PCI: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is c…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
0.0 NA
CVE-2026-53119 — platform/wmi: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() call…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
Showing 20 of 7989 Results