Lucene search
K

4353 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.3 views

PT-2026-32367

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe mode=True. This bypasses the security guarantees of safe mode and enables arbitrary attacker-controll...

8.8CVSS6.3AI score0.00354EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Keras 代码问题漏洞

Keras is an open-source deep learning framework with multiple backends. Version 3.13.0 of Keras contains a code vulnerability that stems from the TFSLayer class’s unconditional loading of external SavedModels, which may lead to arbitrary code execution...

8.8CVSS7.6AI score0.00354EPSS
Exploits1References2
Fedora
Fedora
added 2026/04/12 3:53 p.m.7 views

[SECURITY] Fedora 42 Update: libmicrohttpd-1.0.3-1.fc42

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small API is simple, expressive and fully reentrant Implementation is http 1.1...

8.7CVSS5.8AI score0.00422EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.7 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...

5.1CVSS5.7AI score0.00266EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/10 8:0 p.m.5 views

Rembg has a Path Traversal via Custom Model Loading

Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

5.3CVSS6AI score0.00592EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.6 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.14) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

5.7AI score
Exploits0
NVD
NVD
added 2026/04/10 5:17 p.m.2 views

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS0.00272EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 5:8 p.m.6 views

Directory Traversal

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Directory Traversal via the modelpath parameter in the HTTP server for custom model types u2netcustom, discustom, bencustom. An attacker can access arbitrary files on the server's filesystem by sending...

6.9CVSS6.3AI score0.00592EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.3 views

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.29 views

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 4:3 p.m.15 views

CVE-2026-35619

CVE-2026-35619 affects OpenClaw prior to 2026.3.24. The vulnerable component is the HTTP /v1/models endpoint, which fails to enforce operator.read scope, allowing attackers with operator.approvals to enumerate gateway model metadata via the HTTP compatibility route and bypass WebSocket RPC author...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/10 3:33 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

5.3CVSS5.8AI score0.00272EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.6 views

Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit

Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in the HTTP/v1/models endpoints, which failed to enforce the requirement for...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/09 3:35 p.m.5 views

EUVD-2026-20928

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS6AI score0.00509EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/04/09 8:2 a.m.5 views

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

...

8.6CVSS5.7AI score0.00288EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 of Wastime contain security vulnerabilities. These vulnerabilities arise when using the Val type promotion feature to increase values of component models. If bi...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 11:15 p.m.4 views

CVE-2026-5815

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

9CVSS7.8AI score0.005EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder