Lucene search

562 matches found

Fedora
added 2026/03/28 12:19 a.m. | 8 views

[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44

This is an implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

CVSS 9.1 | AI score 5.9 | EPSS 0.00838
Exploits: 0

CNNVD
added 2026/03/26 12:0 a.m. | 6 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the failure to correctly validate offsets when processing JSON inputs with formattin...

CVSS 7.5 | AI score 6.4 | EPSS 0.0075
Exploits: 1 | References: 3

NVD
added 2026/03/25 11:17 p.m. | 8 views

CVE-2026-33911

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with json_encode. Because the response is served with a text/html Content-Type, the browser...

CVSS 5.4 | EPSS 0.00228
Exploits: 0 | References: 3

EUVD
added 2026/03/25 7:53 p.m. | 6 views

EUVD-2026-14498

AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint...

CVSS 5.3 | AI score 5.8 | EPSS 0.00278
Exploits: 1 | References: 3

UbuntuCve
added 2026/03/20 11:16 p.m. | 4 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVSS 9.8 | AI score 6.1 | EPSS 0.00704
Exploits: 1 | References: 4

Snyk
added 2026/03/16 8:27 p.m. | 5 views

Uncaught Exception

Overview: github.com/buger/jsonparser is an alternative JSON parser for Go. Affected versions of this package are vulnerable to Uncaught Exception via the Delete function when processing malformed JSON input. An attacker can cause a runtime panic and disrupt service availability by submitting...

CVSS 8.7 | AI score 5.8 | EPSS 0.0075
Exploits: 1 | References: 3

CVE
added 2026/03/11 9:32 p.m. | 11 views

CVE-2026-3958

Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...

CVSS 6.5 | AI score 5.3 | EPSS 0.00201
Exploits: 0 | References: 5

Packet Storm News
added 2026/02/25 12:0 a.m. | 4 views

HDF5 Plugin 2.17.0 Path Audit

This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Z_class2_t structure and registration functions H5PLget_plugin_type,...

AI score 5.9
Exploits: 0

Microsoft CVE
added 2026/02/23 9:1 a.m. | 7 views

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

...

CVSS 7.8 | AI score 7 | EPSS 0.00252
Exploits: 0

SUSE CVE
added 2026/02/23 12:25 a.m. | 3 views

SUSE CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVSS 7.8 | AI score 6.2 | EPSS 0.00252
Exploits: 0 | References: 3

SUSE CVE
added 2026/02/21 12:24 a.m. | 4 views

SUSE CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

CVSS 7.8 | AI score 6.6 | EPSS 0.00356
Exploits: 1 | References: 3

Vulnrichment
added 2026/02/20 10:22 p.m. | 2 views

CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVSS 7 | AI score 6.2 | EPSS 0.00252
Exploits: 0 | References: 2

Snyk
added 2026/02/20 12:19 a.m. | 2 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5T__conv_struct_opt function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted h5 file. Remediation: Upgrade hdf5 to version 1.14.4.3 or higher. Referenc...

CVSS 8.5 | AI score 6.1 | EPSS 0.00356
Exploits: 1 | References: 2

OSV
added 2026/02/18 10:41 p.m. | 8 views

GHSA-3M4Q-JMJ6-R34Q Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Summary: TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct load_weights to read from an arbitrary readable filesystem path. The bytes pulled from that path...

CVSS 7.1 | AI score 6 | EPSS 0.00298
Exploits: 0 | References: 7

Snyk
added 2026/02/11 11:39 p.m. | 4 views

External Control of File Name or Path

Overview: Keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to External Control of File Name or Path via the model loading process when handling HDF5 files with external dataset references. An attacker can access arbitrary files and...

CVSS 7.5 | AI score 5.9 | EPSS 0.00298
Exploits: 0 | References: 2

CVE
added 2026/02/11 10:10 p.m. | 28 views

CVE-2026-1669

CVE-2026-1669 describes an arbitrary file read in the Keras model loading path via HDF5 external dataset references. Affected versions are Keras 3.0.0 through 3.13.1 on all supported platforms. The vulnerability arises in the HDF5 integration used during model loading, enabling a remote attacker ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00298
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2026/02/10 1:34 a.m. | 9 views

[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43

The mirrorlist-server uses the data created by MirrorManager2 (https://github.com/fedora-infra/mirrormanager2) to answer client requests for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

CVSS 7.5 | AI score 5.7 | EPSS 0.00443
Exploits: 1

Positive Technologies
added 2026/02/09 12:0 a.m. | 9 views

PT-2026-7179

Name of the Vulnerable Software and Affected Versions: PowerDocu versions prior to 2.4.0. Description: PowerDocu, a Windows GUI executable for technical documentation, has a security issue in its JSON parsing process within Flow or App packages. The application incorrectly trusts the $type property ...

CVSS 7.8 | AI score 5.7 | EPSS 0.00274
Exploits: 1 | References: 6

Cvelist
added 2026/02/05 7:9 p.m. | 25 views

CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

CVSS 6.8 | EPSS 0.00343
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/17 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-0897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote...

CVSS 7.6 | AI score 5.5 | EPSS 0.00299
Exploits: 3 | References: 3