11 matches found
CVE-2026-34447
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0...
CVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load: the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...
Open Neural Network Exchange security vulnerability
Open Neural Network Exchange is an open-source ecosystem developed by Open Neural Network Exchange. It enables AI developers to choose the appropriate tools as the project evolves. Versions of Open Neural Network Exchange prior to 1.21.0 contained a security vulnerability. This vulnerability...
Open Neural Network Exchange security vulnerability
Open Neural Network Exchange is an open-source ecosystem developed by Open Neural Network Exchange. It enables AI developers to choose the appropriate tools as the project evolves. Versions of Open Neural Network Exchange prior to 1.21.0 contained a security vulnerability caused by symbolic link...
CVE-2026-28679
Home-Gallery.org is a self-hosted web gallery. Prior to version 1.21.0, download requests could access files outside the media source directory, allowing retrieval of sensitive system files. The issue is fixed in version 1.21.0. CVSS 3.1 base score: 8.6 (NETWORK, HIGH, Privileges NONE, User Inter...
CVE-2025-27249
Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occu...
Intel® Gaudi® Software Advisory
Summary: A potential security vulnerability for some Intel® Gaudi® software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-27249 Description: Uncontrolled resource consumption for some Gaudi softwar...
PT-2025-46406
Name of the Vulnerable Software and Affected Versions Gaudi software versions prior to 1.21.0 Description Some Gaudi software is subject to uncontrolled resource consumption within Ring 3: User Applications, potentially leading to a denial of service. A system software adversary with authenticate...
CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users
Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...
Linux Distros Unpatched Vulnerability : CVE-2020-26891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to...
sequoia-openpgp security vulnerability
sequoia-openpgp is a Rust library from the individual developer of sequoia-openpgp. A security vulnerability exists in sequoia-openpgp versions prior to 1.21.0, which stems from providing a low-level interface to the OpenPGP implementation that could lead to an infinite loop...