3527 matches found
CVE-2026-48801
Linkify-it (linkify-it) prior to version 5.0.1 has an O(N^2) scan loop in LinkifyIt.prototype.match, making inputs with many fuzzy links or emails vulnerable to resource exhaustion on a request hot path that renders untrusted Markdown with linkify: true. The issue arises from re-slicing input and...
WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...
Pinger 1.0 - Remote Code Execution
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...
EUVD-2026-43569
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...
EUVD-2026-43570
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...
CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...
DEBIAN-CVE-2026-56366
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...
CVE-2026-41876
CVE-2026-41876 affects R-SOFT DMS. The vulnerability is an OS Command Injection in konwertujAction(), where the document converter executes shell commands using unsanitized file paths and format parameters, allowing an authenticated attacker to run arbitrary commands with the web server user’s pr...
CVE-2026-41876
R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...
CVE-2026-44512
A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...
EUVD-2026-42657
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...
CVE-2026-44512
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...
CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...
CVE-2026-44512
Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...
CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...
PYSEC-2026-1448 libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...
GHSA-HWPQ-HMQ9-WJ77 ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...
PYSEC-2026-1956 TensorFlow has Null Pointer Error in SparseSparseMaximum
Impact When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. python import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Patches We have patched the issue in GitHub commit...
PYSEC-2026-1008 `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
Impact If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. python import tensorflow as tf tf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None Patches We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be...