14 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions. CVE-2025-51480. Onnx is used in our speech service runtimes. This...
EUVD-2025-51480
Malicious code in toxic-amber-trout npm...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +293 more potentially affected by CVE-2024-5187 +1 more via onnx (>=0.2.0 <=1.17.0)
onnx PYPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.3.0, =0.1.8, =1.7.0, =1.3.0, =0.3.1, =1.3.0, =0.0.9, =0.4.30 and more Source cves: CVE-2024-5187, CVE-2025-51480 Source advisory: OSV:PYSEC-2025-148...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
CVE-2025-51480
A CVE-2025-51480 exists for ONNX 1.17.0 reporting a path traversal flaw in onnx.external_data_helper.save_external_data that lets an attacker overwrite arbitrary files by crafted external_data.location traversal sequences. Affected component is ONNX 1.17.0; root cause involves directory traversal...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
CVE-2024-51480
RedisTimeSeries is a time-series database TSDB module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially...
CVE-2024-51480 RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability
RedisTimeSeries is a time-series database TSDB module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially...
CVE-2024-51480
CVE-2024-51480 (RedisTimeSeries) affects RedisTimeSeries; a vulnerability arises when an authenticated user runs TS.QUERYINDEX, TS.MGET, TS.MRAGE, or TS.MREVRANGE with crafted arguments, causing an integer overflow that may lead to a heap overflow and potentially remote code execution. Affected s...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +173 more potentially affected by CVE-2024-5187 +1 more via onnx (>=0.2.0 <=1.16.1)
onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.3.1, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.1.4 - autodistill-yolonas =0.1.1 and more Source cves: CVE-2024-5187, CVE-2025-51480 Source advisory: OSV:GHSA-6RQ9-53C3-F7VJ...
CVE-2023-51480
creationtimestamp| type| source ---|---|--- 2024-02-10 10:31:39+00:00| seen| https://t.me/ctinow/182515 2024-03-03 12:11:40+00:00| seen| https://t.me/ctinow/198701...
CVE-2023-51480
CVE-2023-51480 affects the WordPress plugin “Active Products Tables for WooCommerce” (Professional/Profit Products Tables). The vulnerability is a Cross‑Site Scripting (Stored XSS) due to improper neutralization of input during web page generation. It lists affected versions as
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Active Products Tables for WooCommerce Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51480 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1afdf4fd5235 Credits LVT-tholv2k...