CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 3:18 p.m.•3 views

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

5.3CVSS4AI score0.0005EPSS

Exploits0References1

Akamai Blog•added 2026/03/25 12:0 p.m.•2 views

Machine Learning Operations: Yesterday, Today, and Tomorrow

...

5.8AI score

Packet Storm News•added 2026/03/25 12:0 a.m.•0 views

Toward a Multi-Layer ML-Based Security Framework for Industrial IoT

The Industrial Internet of Things IIoT introduces significant security challenges as resource-constrained devices become increasingly integrated into critical industrial processes. Existing security approaches typically address threats at a single network layer, often relying on expensive hardwar...

5.8AI score

Packet Storm News•added 2026/03/25 12:0 a.m.•0 views

Walma: Learning to See Memory Corruption in WebAssembly

WebAssembly's Wasm monolithic linear memory model facilitates memory corruption attacks that can escalate to cross-site scripting in browsers or go undetected when a malicious host tampers with a module's state. Existing defenses rely on invasive binary instrumentation or custom runtimes, and do...

5.6AI score

OSV•added 2026/03/19 7:16 p.m.•4 views

UBUNTU-CVE-2026-3503

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

5.2CVSS5.8AI score0.00008EPSS

Exploits0References3

CVE•added 2026/03/19 6:12 p.m.•11 views

CVE-2026-3503

CVE-2026-3503 involves a protection mechanism failure in wolfSSL’s wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) on ARM Cortex-M devices. The root cause is exposed as transient fault injections that can corrupt or redirect seed/pointer values during Keccak-based expansion, potentiall...

5.2CVSS5.8AI score0.00008EPSS

Exploits0References1Affected Software1

AlpineLinux•added 2026/03/19 6:12 p.m.•4 views

CVE-2026-3503

5.2CVSS5.2AI score0.00008EPSS

Cvelist•added 2026/03/19 6:12 p.m.•21 views

CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM

4.2CVSS0.00008EPSS

Exploits0References1

EUVD•added 2026/03/19 12:30 a.m.•1 views

EUVD-2025-208848

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

8.1CVSS6.3AI score0.00333EPSS

Exploits1References2

Packet Storm News•added 2026/03/19 12:0 a.m.•2 views

Benchmarking Post-Quantum Cryptography on Resource-Constrained IoT Devices: ML-KEM and ML-DSA on ARM Cortex-M0+

The migration to post-quantum cryptography is urgent for Internet of Things devices with 10-20 year lifespans, yet no systematic benchmarks exist for the finalised NIST standards on the most constrained 32-bit processor class. This paper presents the first isolated algorithm-level benchmarks of...

5.8AI score

UbuntuCve•added 2026/03/18 12:0 a.m.•0 views

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.9AI score0.00011EPSS

Exploits0References2

Vulnrichment•added 2026/03/11 10:32 p.m.•3 views

CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting

CVE•added 2026/03/11 10:32 p.m.•5 views

CVE-2026-3962

The CVE-2026-3962 entry affects Jcharis Machine-Learning-Web-Apps (up to a6996b634d98ccec4701ac8934016e8175b60eb5) where the render_template function in Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py under the Jinja2 Template Handler is vulnerable to cross-site...

ATTACKERKB•added 2026/03/11 10:32 p.m.•2 views

CVE-2026-3962

Vulnrichment•added 2026/03/11 10:4 p.m.•1 views

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.001EPSS

Exploits0References2

CNNVD•added 2026/03/11 12:0 a.m.•2 views

Machine-Learning-Web-Apps 代码注入漏洞

Machine-Learning-Web-Apps is a machine learning web application development framework developed by JCharis Jesse. There is a code injection vulnerability in Machine-Learning-Web-Apps, which stems from an incorrect operation on the rendertemplate function in the Jinja2 Template Handler component o...

5.3CVSS5.7AI score0.0005EPSS

Positive Technologies•added 2026/03/11 12:0 a.m.•0 views

PT-2026-24891

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...