170 matches found
CVE-2026-14070
CVE-2026-14070 affects Google Chrome’s WebNN component. The root cause is an integer overflow in WebNN that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected software is Chrome prior to version 150.0.7871.47; the impact i...
PT-2026-54345
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow in WebNN allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. WebNN is an API that enables web...
PT-2026-54344
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow in the WebNN component allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...
Malicious code in neural-network-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...
MAL-2026-5794 Malicious code in neural-network-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...
CVE-2026-44246
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...
ONNX-MLIR 安全漏洞
ONNX-MLIR is an open-source compiler tool developed by Open Neural Network Exchange that converts ONNX graphs into efficient code. Versions of ONNX-MLIR prior to 0.5.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the generatehashkey...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the WebNN component, which could allow a remote attacker with access to a...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
PT-2026-42819
Name of the Vulnerable Software and Affected Versions Arm ArmNN versions prior to 2026-03-28 Description An integer overflow exists in the TensorShape::GetNumElements function within armnn/Tensor.cpp. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without...
TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis
Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
Information Exposure
org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500.
Summary IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-28500. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-28500 DESCRIPTION: Open Neural...
EUVD-2026-26012
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40979
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40979
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
VMware Spring AI 安全漏洞
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5, as well as 1.1.0 to 1.1.4 of VMware Spring AI, have security vulnerabilities. These...