Lucene search
K

24 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-60090

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS0.0041EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-43175

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS6.1AI score0.0041EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:26 p.m.5 views

GHSA-CXMJ-83GH-FP49 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

Summary MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. The formatter reads a guarded element array header, but allocation of the...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.13 views

CVE-2026-48515

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...

7.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:10 p.m.25 views

CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...

6.3CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:10 p.m.21 views

CVE-2026-48515

Summary: CVE-2026-48515 affects MessagePack-CSharp. Before versions 2.5.301 and 3.1.7, multi-dimensional array formatters allocate T[,] / T[,,] / T[,,,] using dimension lengths read from the payload before validating the encoded element count, enabling large heap allocations. Impact: potential hi...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:10 p.m.6 views

CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51399

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/26 3:20 p.m.7 views

EUVD-2026-8781

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps...

8.8CVSS5.3AI score0.0041EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/26 3:20 p.m.12 views

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary A security review of the psdtools.compression module conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5 identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

9.1CVSS5.7AI score0.0041EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/25 11:57 p.m.9 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data e.g. a literal run that extends past the expected row size, decoderle raises ValueError which propagated all the way to the user, crashin...

8.8CVSS5.6AI score0.0041EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.10 views

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

7.5CVSS5.9AI score0.00371EPSS
Exploits1References1
NVD
NVD
added 2026/01/28 5:16 p.m.9 views

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

7.5CVSS0.00371EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a dimension validation flaw in the flow.empty component, which may allow denial-of-service attacks through negative values or excessive...

7.5CVSS5.8AI score0.00371EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 a.m.3 views

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

5.9AI score0.00371EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 12:0 a.m.7 views

EUVD-2025-206481

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

7.5CVSS5.9AI score0.00371EPSS
Exploits1References4
CVE
CVE
added 2026/01/28 12:0 a.m.12 views

CVE-2025-65888

The entries for CVE-2025-65888 describe a concrete flaw in OneFlow 0.9.0: a dimension validation issue in the flow.empty() component that allows a Denial of Service when given a negative or excessively large dimension value. The vulnerability is supported across multiple feeds (NVD, Red Hat, CIRC...

7.5CVSS5.9AI score0.00371EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/28 12:0 a.m.5 views

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

5.9AI score0.00371EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/28 12:0 a.m.37 views

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

0.00371EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.10 views

PT-2026-5140

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

5.9AI score0.00371EPSS
Exploits1References5
Rows per page
Query Builder