6 matches found
EUVD-2026-33407
Shopper: Authorization bypass and RBAC privilege escalation in team settings...
CVE-2026-39419
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...
CVE-2026-39425
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...
WordPress WP SEO Structured Data Schema plugin <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Jorgson in WordPress Plugin WP SEO Structured Data Schema versions = 2.7.11...
GHSA-GCVH-66FF-4MWM `CHECK`-failures in Tensorflow
Impact The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar: python import tensorflow as tf import numpy as np tf.rawops.MapStage key = tf.constantvalue=4, shape= 1,2, dtype=tf.int64, indices = np.array6, values = np.array-60, dtypes = tf.int64, capacity=0,...
CVE-2022-23565
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...