CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.4AI score0.00018EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/21 3:2 p.m.•6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

8.6CVSS5.8AI score0.00207EPSS

Exploits1Affected Software1

OSV•added 2026/04/28 9:34 a.m.•3 views

GHSA-R5HP-3CGJ-J6XV Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.8AI score0.00018EPSS

Exploits0References3

Github Security Blog•added 2026/04/28 9:34 a.m.•4 views

Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.8AI score0.00018EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/28 9:16 a.m.•0 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS0.00018EPSS

Exploits0References1

CVE•added 2026/04/28 7:31 a.m.•3 views

CVE-2026-40979

Technical details (affected products, versions, impact, fixes) are not publicly available in the provided documents. Monitor for updates.

6.1CVSS5.2AI score0.00018EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/28 7:31 a.m.•1 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00018EPSS

Exploits0References1

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35688

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00018EPSS

Exploits0References2

NVD•added 2026/04/10 5:17 p.m.•0 views

CVE-2026-40086

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

5.3CVSS0.00074EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by