CVE-2026-24410 iccDEV has Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic. This occurs when user-controllable input is unsafely incorporated into I...

CVE-2025-64110 Cursor: Authentication Bypass Possible via New Cursorignore Write

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore...

WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin Bulk NoIndex & NoFollow Toolkit versions = 2.16...

CVE-2022-24883 FreeRDP Server authentication might allow invalid credentials to pass

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server...

PYSEC-2022-150

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

PYSEC-2022-116

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

PYSEC-2021-589

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

PYSEC-2021-743

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

PYSEC-2021-161

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...

CVE-2021-29527

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...