Lucene search
K

374 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.0017EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-42313

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS6AI score0.00354EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-56488

Name of the Vulnerable Software and Affected Versions Socket.IO versions 4.1.0 through 6.6.6 Description The Engine.IO protocol v4 polling transport fails to properly close the HTTP response when receiving invalid binary POST requests that use the Content-Type: application/octet-stream header. Th...

7.5CVSS6AI score0.00354EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 4 days ago5 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6AI score0.0017EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56215

Name of the Vulnerable Software and Affected Versions Open Neural Network Exchange ONNX versions 1.9.0 through 1.21.0 Description Processing an untrusted model with an Upsample node containing zero inputs can lead to an unrecoverable denial of service. The issue occurs when the onnx.version...

5.5CVSS6AI score0.0017EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2025-69154

CVE-2025-69154 affects the SpaLab | Beauty Salon WordPress Theme up to version 6.7. It is an unauthenticated Cross-Site Scripting (XSS) vulnerability in the theme. The CVSS v3.1 base score is 7.1 (HIGH) with network attack, no privileges required, user interaction required, and low impacts to con...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-54967

Name of the Vulnerable Software and Affected Versions SpaLab Beauty Salon WordPress Theme versions 6.7 and earlier Description An unauthenticated Cross Site Scripting XSS issue exists, allowing attackers to execute malicious scripts in the browser of other users without requiring prior...

7.1CVSS6AI score0.0018EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/30 1:29 p.m.4 views

WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Trendy Travel versions = 6.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-359 InvokeAI has External Control of File Name or Path

Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...

9.8CVSS7.5AI score0.00353EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/23 4:14 p.m.6 views

EUVD-2026-38500

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS6.6AI score0.0045EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In btrfsgetrootref in fs/btrfs/disk-io.c within the Linux kernel, up to version 6.7.1, there may be an assertion failure and a crash occurring because a subvolume can be read out too early after its root item is inserted during subvolume creation...

5.5CVSS6.2AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 10:16 p.m.6 views

DEBIAN-CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.28 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36877

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49444

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

7.2CVSS5.1AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder