762 matches found
CVE-2022-35970
TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...
CVE-2017-18806
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360...
CVE-2023-25658
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...
CVE-2021-41206
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...
CVE-2026-21639
Summary (CVE-2026-21639) A remote code execution vulnerability exists in multiple Ubiquiti airMAX/airFiber devices due to a flaw in the airMAX Wireless Protocol. Affected products and versions: airMAX AC ≤ 8.7.20, airMAX M ≤ 6.3.22, airFiber AF60-XG ≤ 1.2.2, and airFiber AF60 ≤ 2.6.7. The issue c...
CVE-2019-12990
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal...
CVE-2019-12469
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
SUSE-SU-2026:0037-1 Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20251230T014957 2025-12-30T01:49:57Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-4249 CVE-2025-68120 CVE-2025-68120 GO-2025-4254 CVE-2025-62190 GHSA-gmx5-frv9-9m9f...
CVE-2025-68436 Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the...
PT-2026-1334
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...
PT-2026-1288
Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring centreon-awie versions 25.10.0 through 25.10.1 Centreon Infra Monitoring centreon-awie versions 24.10.0 through 24.10.2 Centreon Infra Monitoring centreon-awie versions 24.04.0 through 24.04.2 Description A missing...
CVE-2025-53593 QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...
PT-2026-1121
Name of the Vulnerable Software and Affected Versions AdonisJS versions through 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6 Description A Path Traversal vulnerability exists in the AdonisJS multipart file handling process. This flaw allows a remote attacker to write arbitrary files...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
OESA-2025-2847 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...
SUSE-SU-2025:4363-1 Security update for postgresql17, postgresql18
This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check...
Contao is vulnerable to cross-site scripting in templates
Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds Do not use the affected templates or patch them manually. Refsources...
PT-2025-47896
An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...
PT-2025-47347
Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 Description A flaw exists in Drupal core related to the use of a web browser cache that can...
Malicious code in testcafe-ophiuchus-xo-yonder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21214842cd4cf23c4aed99f5eb4277c186325847a0fc2aab7e2c03f867aecc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...