23 matches found
CVE-2026-41890

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 06:32:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlaltohzys2i... |

CVE-2026-41890
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2022-41890
TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41890
CVE-2024-41890 affects Apache Answer up to version 1.3.5. The root issue is Missing Release of Resource after Effective Lifetime: password reset links issued in succession can remain valid during the link’s validity period, enabling potential misuse or hijacking of a previously issued link. A fix...
CVE-2024-41890 Apache Answer: The link to reset the user's password will remain valid after sending a new link
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41890 Apache Answer: The link to reset the user's password will remain valid after sending a new link
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
TensorFlow < 2.10.1 Multiple Vulnerabilities
The version of TensorFlow installed on the remote host is prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Multiple vulnerabilities in Pleasanter
Overview: Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
- Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439
- Improper access control vulnerability CWE-284 - CVE-2023-45210
- Open redirect vulnerability CWE-601 - CVE-2023-46688
- Authentication bypass...
JVN#96209256: Multiple vulnerabilities in Pleasanter
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
| CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base... |

CVE-2023-41890

| creationtimestamp | type | source |
|---|---|---|
| 2023-09-19 18:29:29+00:00 | seen | https://t.me/cibsecurity/70728... |

CVE-2023-41890
Sustainsys.Saml2 (used to add SAML2P to ASP.NET sites) contains CVE-2023-41890 due to insufficient validation of the IdP issuer when processing a response. This can let a malicious IdP craft a SAML2 response that appears to come from another IdP, and an end user could cause stored AuthenticationP...
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41890)
The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41890 advisory. - TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than...
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41890 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4903 more potentially affected by CVE-2022-41890 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41890 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41890 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41890 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...