Lucene search
+L

177 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-50144 ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...

7.1CVSS0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/10 7:54 a.m.11 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.00191EPSS
Exploits1References7
OSV
OSV
added 2026/07/08 8:16 p.m.4 views

DEBIAN-CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References1
OSV
OSV
added 2026/07/08 8:16 p.m.4 views

UBUNTU-CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 7:0 p.m.9 views

CVE-2026-14647

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55726

Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.22.0 Description A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19 function located in the onnx/defs/nn/old.cc file. Recommendations...

5.3CVSS6AI score0.00253EPSS
Exploits0References12
CVE
CVE
added 2026/06/30 10:39 p.m.28 views

CVE-2026-14070

CVE-2026-14070 affects Google Chrome’s WebNN component. The root cause is an integer overflow in WebNN that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected software is Chrome prior to version 150.0.7871.47; the impact i...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54345

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow in WebNN allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. WebNN is an API that enables web...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54344

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow in the WebNN component allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 4:22 p.m.14 views

Malicious code in neural-network-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...

5.3AI score
Exploits0References4
OSV
OSV
added 2026/06/15 4:22 p.m.10 views

MAL-2026-5794 Malicious code in neural-network-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...

5.4AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS5.5AI score0.00242EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

ONNX-MLIR 安全漏洞

ONNX-MLIR is an open-source compiler tool developed by Open Neural Network Exchange that converts ONNX graphs into efficient code. Versions of ONNX-MLIR prior to 0.5.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the generatehashkey...

3.6CVSS4.9AI score0.00078EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the WebNN component, which could allow a remote attacker with access to a...

9.6CVSS5.4AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 6:16 p.m.12 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6.2CVSS0.00132EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/22 6:16 p.m.24 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6.2CVSS6AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.27 views

PT-2026-42819

Name of the Vulnerable Software and Affected Versions Arm ArmNN versions prior to 2026-03-28 Description An integer overflow exists in the TensorShape::GetNumElements function within armnn/Tensor.cpp. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without...

6.2CVSS6AI score0.00132EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 12:0 a.m.16 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

0.00132EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.15 views

TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis

Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.49 views

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

0.00529EPSS
Exploits0References3
Rows per page
Query Builder