Lucene search
K

762 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.7 views

CVE-2022-35970

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

7.5CVSS6.6AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.4 views

CVE-2017-18806

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360...

6.7CVSS7.5AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.14 views

CVE-2023-25658

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.7 views

CVE-2021-41206

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS6.8AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 4:14 p.m.25 views

CVE-2026-21639

Summary (CVE-2026-21639) A remote code execution vulnerability exists in multiple Ubiquiti airMAX/airFiber devices due to a flaw in the airMAX Wireless Protocol. Affected products and versions: airMAX AC ≤ 8.7.20, airMAX M ≤ 6.3.22, airFiber AF60-XG ≤ 1.2.2, and airFiber AF60 ≤ 2.6.7. The issue c...

5.4CVSS7.7AI score0.00269EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.6 views

CVE-2019-12990

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal...

10CVSS6.9AI score0.39335EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.7 views

CVE-2019-12469

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

6.5CVSS6.8AI score0.0141EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 10:24 a.m.16 views

SUSE-SU-2026:0037-1 Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20251230T014957 2025-12-30T01:49:57Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-4249 CVE-2025-68120 CVE-2025-68120 GO-2025-4254 CVE-2025-62190 GHSA-gmx5-frv9-9m9f...

9.9CVSS6.3AI score0.7654EPSS
Exploits34References77
Cvelist
Cvelist
added 2026/01/05 9:46 p.m.30 views

CVE-2025-68436 Craft CMS vulnerable to potential information disclosure via unchecked asset relocation

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the...

7.1CVSS0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.5 views

PT-2026-1334

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...

7.9CVSS6.6AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.7 views

PT-2026-1288

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring centreon-awie versions 25.10.0 through 25.10.1 Centreon Infra Monitoring centreon-awie versions 24.10.0 through 24.10.2 Centreon Infra Monitoring centreon-awie versions 24.04.0 through 24.04.2 Description A missing...

9.8CVSS6.8AI score0.00373EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/01/02 2:56 p.m.22 views

CVE-2025-53593 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

5.1CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.5 views

PT-2026-1121

Name of the Vulnerable Software and Affected Versions AdonisJS versions through 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6 Description A Path Traversal vulnerability exists in the AdonisJS multipart file handling process. This flaw allows a remote attacker to write arbitrary files...

9.4CVSS8.3AI score0.01063EPSS
Exploits3References43
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 11:25 a.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.5CVSS7.3AI score0.03992EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/12/12 12:21 p.m.4 views

OESA-2025-2847 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

4.3CVSS7.9AI score0.00904EPSS
Exploits0References2
OSV
OSV
added 2025/12/11 10:10 a.m.5 views

SUSE-SU-2025:4363-1 Security update for postgresql17, postgresql18

This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check...

5.9CVSS6.7AI score0.00332EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/25 8:48 p.m.5 views

Contao is vulnerable to cross-site scripting in templates

Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds Do not use the affected templates or patch them manually. Refsources...

4.8CVSS7.1AI score0.00142EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.4 views

PT-2025-47896

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...

7.3CVSS6.9AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47347

Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 Description A flaw exists in Drupal core related to the use of a web browser cache that can...

3.7CVSS6.5AI score0.00249EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.2 views

Malicious code in testcafe-ophiuchus-xo-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21214842cd4cf23c4aed99f5eb4277c186325847a0fc2aab7e2c03f867aecc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder