MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLflow contains a security vulnerability. This vulnerability stems from the lack...

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

DEBIAN-CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

CVE-2026-10298 ggml-org whisper.cpp ggml.c whisper_model_load null pointer dereference

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

CVE-2026-10298

CVE-2026-10298 affects ggml-org whisper.cpp up to 1.8.2. The issue is in whisper_model_load (ggml/src/ggml.c) and causes a null pointer dereference. Exploitation requires local access; a public exploit exists. The project was informed via an issue but has not responded.

CVE-2026-10298 ggml-org whisper.cpp ggml.c whisper_model_load null pointer dereference

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

EUVD-2026-33701

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

CVE-2026-10230

A flaw was found in Assimp, specifically within the Half-Life 1 MDL Loader component. A local attacker could exploit a heap-based buffer overflow vulnerability in the readanimations function of HL1MDLLoader.cpp. This could lead to information disclosure, denial of service, or potentially arbitrar...

CVE-2026-38950

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVE-2026-42678 WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

EUVD-2026-33684

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

BIT-AUTHENTIK-2026-40172 authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

Zafran vs Hive Pro: A Fair CTEM Comparison

CTEM coverage claims sound similar until teams compare how exposure evidence becomes action. A fair platform decision hinges on discovery, validation, intelligence, and the remediation model already in place. Comparing CTEM platforms now? Book a Hive Pro demo to assess integrated discovery,...

-cascade-scan

cascade-scan AI Agent security evaluation framework — autom...

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the readsequenceinfos function of the Half-Life 1 MDL Loader component when processing the aiString argument. An attacker can access sensitive information by supplying specially crafted input that causes the proces...