CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

CVE-2021-41206

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVE-2022-23560

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...

CVE-2022-35939

TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...

CVE-2022-35938

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

CVE-2024-39696

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account EOA or contract as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

Unified Framework for Qualifying Security Boundary of PUFs against Machine Learning Attacks

Physical Unclonable Functions PUFs serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks MLAs, undermining their assumed unclonability. There are no valid metrics for evaluating P...

MAL-2026-142 Malicious code in rt-qa-sampler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d57d7fdf7de875c7da43a03defcfe1df8c66f3a72a0802585f903e5e4e4a19 The package rt-qa-sampler was found to contain malicious code. Source: ghsa-malware 7db994932160920a0a11f0ca0419898a6c0552e1f38b68ccf9bb6b59d72f98fb...

MAL-2026-140 Malicious code in rt-live-hero (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b963cc4f9c61717fb440dbd17f3897337fd7aa94a3d077bcd8307c2faf109c57 The package rt-live-hero was found to contain malicious code. Source: ghsa-malware f56b0f0c83fe7af0849099067abaa56333d2eadffeb3f8152244c74b40a706d6 A...

MAL-2026-144 Malicious code in scrollbar-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1feac6b077daf292c9f1be24ff5b49cfd07da882dda73a98dcba56ea0a4c903 The package scrollbar-stylecss was found to contain malicious code. Source: ghsa-malware...

How Cisco Talos powers the solutions protecting your organization

Cisco Talos is Cisco's threat intelligence and security research organization that powers Cisco's product portfolio with that intelligence. While we are well known for the security research in our blog, vulnerability discoveries, and our open-source software, you may not be aware of exactly how o...

CVE-1999-0511

IP forwarding is enabled on a machine which is not a router or firewall...

CVE-1999-0628

The rwho/rwhod service is running, which exposes machine status and user information...

CVE-1999-0440

The byte code verifier component of the Java Virtual Machine JVM allows remote execution through malicious web pages...

CVE-2025-1384

Least Privilege Violation CWE-272 Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...

Malicious code in eslint-plugin-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e51e22e6032e74b136ec2615b38bd5801cca8f5a4ef8a09747a442b656ec17 The package eslint-plugin-supertest was found to contain malicious code. Source: ghsa-malware...