Lucene search
+L

2412 matches found

Nuclei
Nuclei
added yesterday114 views

CHIYU TCP/IP Converter - Carriage Return Line Feed Injection

CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized...

6.5CVSS6.5AI score0.18003EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday63 views

WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect

WordPress WebP Converter for Media 4.0.3 contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-25074 info: name: WordPress WebP Converter for Media 4.0.3 - Unauthenticated Open Redirect author:...

6.1CVSS6.2AI score0.02505EPSS
Exploits2References4
EUVD
EUVD
added 2026/07/10 9:5 a.m.10 views

EUVD-2026-42853

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/10 7:54 a.m.11 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.00191EPSS
Exploits1References7
NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.00191EPSS
Exploits1References4
OSV
OSV
added 2026/07/08 8:16 p.m.4 views

UBUNTU-CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.40 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.00191EPSS
Exploits1References4
CVE
CVE
added 2026/07/08 7:32 p.m.12 views

CVE-2026-44512

Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...

5.5CVSS6AI score0.00191EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/08 7:32 p.m.6 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/07/07 1:2 p.m.6 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6AI score0.00191EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-965 TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

5.9CVSS5.9AI score0.00619EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56215

Name of the Vulnerable Software and Affected Versions Open Neural Network Exchange ONNX versions 1.9.0 through 1.21.0 Description Processing an untrusted model with an Upsample node containing zero inputs can lead to an unrecoverable denial of service. The issue occurs when the onnx.version...

5.5CVSS6AI score0.00191EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/07/01 7:14 p.m.37 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 7:10 p.m.5 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References9
OSV
OSV
added 2026/06/26 8:35 p.m.8 views

MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.13 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/06/09 7:14 p.m.15 views

EUVD-2026-35795

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS5.6AI score0.0022EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:16 a.m.13 views

CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

9.8CVSS0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.8 views

UBUNTU-CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

9.8CVSS5.6AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48219

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to April T2 release 2025-04-23 Description A reflected cross-site scripting issue exists where unauthenticated attackers can execute arbitrary JavaScript in a victim's browser. This is achieved by...

6.1CVSS5.2AI score0.0022EPSS
Exploits0References6
Rows per page
Query Builder