465 matches found
CVE-2026-61460
Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...
PYSEC-2026-941 `CHECK` fail via inputs in `SdcaOptimizer`
Impact Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. python import tensorflow as tf tf.rawops.SdcaOptimizer sparseexampleindices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparsefeatureindices=4 tf.random.uniform5,5,5,3,...
PYSEC-2026-1021 `CHECK` fail via inputs in `PyFunc`
Impact An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. python import tensorflow as tf value = tf.constantvalue=1,2 token = b'\xb0' dataType = tf.int32 tf.rawops.PyFuncinput=value,token=token,Tout=dataType Patches We have patched the issue in GitHub...
PYSEC-2026-1017 TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
Impact If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf filename = tf.constant"" tensornames = tf.constant"" Save data = tf.casttf.random.uniformshape=1,...
PYSEC-2026-940 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Impact The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "VALID" dataformat = "NHWC"...
PYSEC-2026-1006 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
Impact When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None...
PYSEC-2026-1036 TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation
Impact In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in CheckIsAlignedAndSingleElement. python import tensorflow as tf...
PYSEC-2026-1022 TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma`
Impact When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=4,, dtype=tf.int32, maxval=65536 arg1=tf.random.uniformshape=4, 4, dtype=tf.float64, maxval=None...
PYSEC-2026-1020 TensorFlow vulnerable to `CHECK` fail in `Unbatch`
Impact When Unbatch receives a nonscalar input id, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=3, 3, 1, dtype=tf.float64 arg1=tf.constantvalue=np.random.randint0,100,size=3, 3, 1,...
PYSEC-2026-982 TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`
Impact When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=4,, dtype=tf.int32, maxval=65536 arg1=tf.random.uniformshape=4, 4, 4, 4, 4, dtype=tf.float32, maxval=None...
PYSEC-2026-1016 TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
Impact If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf batchedinput = True rtnestedsplits = tf.constant0,32,64, shape=3,...
PYSEC-2026-978 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
Impact If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=4, dtype=tf.float32 min ...
PYSEC-2026-1019 TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
Impact The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. python import tensorflow as tf import numpy as np value = np.ones1, 1, 1, 1 ksize = 1, 1e20, 1, 1 strides = 1, 1, 1, 1 padding = 'SAM...
PYSEC-2026-974 TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation
Impact The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patche...
PYSEC-2026-1024 TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Impact If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string Patches We have patched the issue ...
CVE-2026-8380
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2026-4109
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-20455
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...