562 matches found
[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44
This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the failure to correctly validate offsets when processing JSON inputs with formattin...
CVE-2026-33911
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...
EUVD-2026-14498
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
Uncaught Exception
Overview github.com/buger/jsonparser is an Alternative JSON parser for Go. Affected versions of this package are vulnerable to Uncaught Exception via the Delete function when processing malformed JSON input. An attacker can cause a runtime panic and disrupt service availability by submitting...
CVE-2026-3958
Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...
HDF5 Plugin 2.17.0 Path Audit
This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Zclass2t structure and registration functions H5PLgetplugintype,...
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
...
SUSE CVE-2026-2492
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...
SUSE CVE-2026-26200
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5Tconvstructopt function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted h5 file. Remediation Upgrade hdf5 to version 1.14.4.3 or higher. Referenc...
GHSA-3M4Q-JMJ6-R34Q Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
Summary TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path...
External Control of File Name or Path
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to External Control of File Name or Path via the model loading process when handling HDF5 files with external dataset references. An attacker can access arbitrary files and...
CVE-2026-1669
CVE-2026-1669 describes an arbitrary file read in the Keras model loading path via HDF5 external dataset references. Affected versions are Keras 3.0.0 through 3.13.1 on all supported platforms. The vulnerability arises in the HDF5 integration used during model loading, enabling a remote attacker ...
[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
PT-2026-7179
Name of the Vulnerable Software and Affected Versions PowerDocu versions prior to 2.4.0 Description PowerDocu, a Windows GUI executable for technical documentation, has a security issue in its JSON parsing process within Flow or App packages. The application incorrectly trusts the $type property ...
CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
Linux Distros Unpatched Vulnerability : CVE-2026-0897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote...