22 matches found
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with ...
CVE-2025-12613
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...
BIT-PYTORCH-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
EUVD-2025-31110
Malicious code in bioql PyPI...
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
...
Linux Distros Unpatched Vulnerability : CVE-2025-46152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the other argument. CVE-2025-46152 Note that Nessus...
DEBIAN-CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
CVE-2025-46152
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument...
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
CVE-2024-12168
Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used...
PT-2024-29278 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 2.7.0. Description: The issue allows attackers to create malicious workflows that can lead to host takeover or secret leaks. This is possible because the server allows any user to trigger a pipeline run, and those...
Composer Security Vulnerabilities
Composer is a software application that provides declaration, management and installation of dependencies for PHP projects. An arbitrary code execution vulnerability exists in Composer versions prior to 2.2.23 and prior to 2.7.0. An attack...
PT-2023-3287 · Unknown +1 · Opensearch +1
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.10 and 2.7.0. Description: The issue is related to the implementation of fine-grained access control rules, including document-level security, field-level security, and field masking. These rules are not...
Google TensorFlow Numeric Error Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A numeric error vulnerability exists in versions of Google TensorFlow prior to 2.7.0, which stems from the fact that AllToAll in TensorFlow performs division by zero when inferring code. No details of t...
Google TensorFlow Code Issue Vulnerability
Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a null pointer dereference in the shape inference code of DeserializeSparse in versions of TensorFlow prior to 2.7.0. The vulnerability stems from the shape inference function assuming that the serializespars...
PT-2021-23178 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0; TensorFlow version 2.6.1; TensorFlow version 2.5.2; TensorFlow version 2.4.4. Description: Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call...
PT-2021-23183 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0; TensorFlow versions 2.6.1 and earlier; TensorFlow versions 2.5.2 and earlier; TensorFlow versions 2.4.4 and earlier. Description: The shape inference functions for SparseCountSparseOutput can trigger a read...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. In TensorFlow versions prior to 2.7.0, the shape inference code of tf.ragged.cross has an out-of-bounds read vulnerability affecting heap-allocated arrays. No details of the vulnerability are currently available...