CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

591 matches found

RedhatCVE•added 2026/01/09 9:11 a.m.•7 views

CVE-2022-35966

TensorFlow is an open source platform for machine learning. If QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00064EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:39 a.m.•4 views

CVE-2022-35938

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

9.1CVSS6.6AI score0.00126EPSS

Exploits0References1

Snyk•added 2025/12/03 5:0 p.m.•2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation Upgrade...

10CVSS6.9AI score0.00029EPSS

Exploits0References2

Snyk•added 2025/12/03 4:7 p.m.•1 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

8.3CVSS6.9AI score0.00015EPSS

Exploits0References2

Nvidia•added 2025/11/18 12:0 a.m.•4 views

Security Bulletin: NVIDIA Isaac-GR00T - November 2025

NVIDIA has released a software update for NVIDIA Isaac-GR00T. To protect your system, install software from GitHub commit 7f53666 of NVIDIA Isaac-GR00T. Go to NVIDIA Product Security...

7.8CVSS7AI score0.00024EPSS

Exploits0Affected Software1

Snyk•added 2025/10/30 8:41 p.m.•3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path that are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...

7.5CVSS7.5AI score0.00625EPSS

Exploits0References2

Snyk•added 2025/10/10 8:41 p.m.•2 views

Arbitrary Code Injection

Overview org.webjars.npm:happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...

9CVSS7.8AI score0.00581EPSS

Exploits0References2