938 matches found
CVE-2025-55556
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application...
CVE-2025-10854
The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhe...
UNIX Symbolic Link (Symlink) Following
Overview: txtai is an all-in-one open-source AI framework for semantic search, LLM orchestration and language model workflows. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the validate function due to improper sanitization of symbolic links within the...
CVE-2025-10854 Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices
The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhe...
PT-2025-38714
Name of the Vulnerable Software and Affected Versions: txtai (affected versions not specified). Description: The txtai framework permits loading compressed tar files as embedding indices. The validate function, designed to prevent path traversal, does not account for symbolic links within these tar...
URL2Graph++: Unified Semantic-Structural-Character Learning for Malicious URL Detection
Malicious URL detection remains a major challenge in cybersecurity, primarily due to two factors: (1) the exponential growth of the Internet has led to an immense diversity of URLs, making generalized detection increasingly difficult; and (2) attackers are increasingly employing sophisticated...
ALPHA: LLM-Enabled Active Learning for Human-Free Network Anomaly Detection
Network log data analysis plays a critical role in detecting security threats and operational anomalies. Traditional log analysis methods for anomaly detection and root cause analysis rely heavily on expert knowledge or fully supervised learning models, both of which require extensive labeled dat...
Malicious code in text-openai-embedding-js (npm)
The package text-openai-embedding-js was found to contain malicious code...
MAL-2025-46308 Malicious code in text-openai-embedding-js (npm)
The package text-openai-embedding-js was found to contain malicious code...
CLSA-2025-1756409595 clamav: Fix of 4 CVEs
Update to 1.4.3 LTS
- CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser
- CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser
- CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser
- CVE-2024-20506: Changed...
CVE-2025-3414
The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
SUSE CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
FetFIDS: a Feature Embedding Attention Based Federated Network Intrusion Detection Algorithm
Intrusion Detection Systems (IDS) have an increasingly important role in preventing exploitation of network vulnerabilities by malicious actors. Recent deep learning based developments have resulted in significant improvements in the performance of IDS systems. In this paper, we present FetFIDS,...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unrestricted external image embedding because markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...
VeriPHY: Physical Layer Signal Authentication for Wireless Communication in 5G Environments
Physical layer authentication (PLA) uses inherent characteristics of the communication medium to provide secure and efficient authentication in wireless networks, bypassing the need for traditional cryptographic methods. With advancements in deep learning, PLA has become a widely adopted technique...
WordPress muse.ai video embedding cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress muse.ai video embedding, which stems from insufficient input cleanup and output escaping, and can be exploited by a...