CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

CVE-2026-31228

The connected documents confirm a vulnerability in the Adversarial Robustness Toolbox (ART) up to version 1.20.1, specifically in its Kubeflow component. The root cause is that the robustness evaluation function for PyTorch models uses Python’s unsafe eval() to dynamically evaluate user-supplied ...

CVE-2026-31229

The ART (Adversarial Robustness Toolbox) package up to v1.20.1 contains an insecure deserialization vulnerability in its Kubeflow component’s model loading path. Loading model weights (e.g., model.pt) uses torch.load() without weights_only=True, allowing arbitrary Python object deserialization vi...

PT-2026-40238

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

PT-2026-40022

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Description A use-after-free issue exists in the JavaScript: WebAssembly component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from UI component out-of-bounds reads, which could allow a remote attacker with access to the renderer process to obtain...

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an integer overflow issue in the ANGLE component. This vulnerability could allow remote attackers to execute out-of-bound memory writes...

PT-2026-40397

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the...

Security Vulnerabilities fixed in Firefox 150.0.3 — Mozilla

CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component Reporter ggwhyp Impact high References Bug 2036978 CVE-2026-8389: JIT miscompilation in the JavaScript Engine: JIT component Reporter ggwhyp Impact high References Bug 2036983 CVE-2026-8390: Use-after-free in the...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by insufficient policy enforcement in the Payments component. This vulnerability could allow remote attackers to bypass autonomous access...

PT-2026-41109

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Mojo allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

JunoClaw 代码问题漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from a reuse issue in the GTK component. This vulnerability could allow remote attackers to execute arbitrary code through a...

PT-2026-40117

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness evaluation fgsm pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip values and --input shape command-lin...

PT-2026-40046

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 Description A sandbox escape exists in the Profile Backup component. A sandbox is a security mechanism for separating running programs,...

CVE-2026-31230

The CVE-2026-31230 vulnerability concerns the Adversarial Robustness Toolbox (ART) up to v1.20.1, specifically in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The issue arises from using unsafe eval() to parse string values passed via --clip_values and --input_shape, enabling a...

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a race condition vulnerability, which originated from a race condition issue in the Payments component. This vulnerability could allow remote attackers to exploit the system by usin...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Downloads component, which could allow remote attackers to execute UI spoofing through a...