Lucene search
+L

100 matches found

osv
osv
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-977 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`

Impact If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=2,3, dtype=tf.float32 min = tf.constant0,...

5.9CVSS6.9AI score0.00383EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-959 TensorFlow vulnerable to segfault in `QuantizedMatMul`

Impact If QuantizedMatMul is given nonscalar input for: - mina - maxa - minb - maxb It gives a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf Toutput = tf.qint32 transposea = False transposeb = False Tactivation = tf.quint8 a = tf.constant7,...

5.9CVSS5.9AI score0.00423EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-1006 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`

Impact When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None...

5.9CVSS5.9AI score0.00383EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1031 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`

Impact When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=2, 2, shape=2, 2, dtype=tf.float...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-978 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

Impact If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=4, dtype=tf.float32 min ...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
nvd
nvd
added 2026/06/16 10:16 a.m.10 views

CVE-2026-39437

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS0.00142EPSS
Exploits0References1
euvd
euvd
added 2026/06/16 9:0 a.m.9 views

EUVD-2026-37044

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS5.2AI score0.00142EPSS
Exploits0References1
cve
cve
added 2026/06/16 9:0 a.m.24 views

CVE-2026-39437

The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...

7.1CVSS5.1AI score0.00142EPSS
Exploits0References1
redhat
redhat
added 2026/05/20 7:46 p.m.15 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
redhat
redhat
added 2026/05/19 4:22 p.m.7 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
redhat
redhat
added 2026/05/13 6:58 a.m.12 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
redhat
redhat
added 2026/05/12 11:31 p.m.18 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
redhat
redhat
added 2026/05/11 4:30 p.m.7 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
redhat
redhat
added 2026/05/11 4:22 p.m.9 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
patchstack
patchstack
added 2026/04/21 10:51 a.m.10 views

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions = 5.2.2...

5.8AI score0.00142EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.7 views

CVE-2026-35442

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated...

8.1CVSS5.9AI score0.00337EPSS
Exploits0References1
snyk
snyk
added 2026/04/04 6:13 a.m.7 views

Incorrect Authorization

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Incorrect Authorization in the aggregate query process when applying min or max functions to fields marked as concealed. An attacker can...

8.6CVSS5.9AI score0.00337EPSS
Exploits0References2
osv
osv
added 2026/02/25 8:24 p.m.5 views

CVE-2026-25952 FreeRDP has heap-use-after-free in xf_SetWindowMinMaxInfo

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...

6.9CVSS5.9AI score0.00599EPSS
Exploits1References13
githubexploit
githubexploit
added 2026/02/24 5:30 p.m.278 views

Exploit for CVE-2026-26198

versions 0.9.9 through 0.22.0, when performing Vulnerability...

9.8CVSS5.9AI score0.00915EPSS
Exploits2
vulnrichment
vulnrichment
added 2026/02/24 2:3 a.m.4 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS5.9AI score0.00915EPSS
Exploits2References3
Rows per page
Query Builder