587 matches found
ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root
Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...
CVE-2026-43326
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
EUVD-2026-9231
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0013
CVE-2026-0013 affects the DocumentsUI path in Android (Documents UI, DocumentsUI/Picker flow via PickActivity.setupLayout). The vulnerability allows a confused deputy to start any activity from within a DocumentsUI app, enabling local privilege elevation without extra execution privileges or user...
CVE-2026-0013
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
OSV-2026-55 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475583924 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...
OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...
CVE-2021-41207
TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...
CVE-2021-41209
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
CVE-2021-41201
TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000470 advisory. In the Linux kernel, picknextrtentity may return a type confused entry, not detected by the BUGON condition, as the confused entry will not be NULL, but listhead.The...
EUVD-2025-199136
Malicious code in insomnia-plugin-random-pick npm...
Malicious code in insomnia-plugin-random-pick (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8717488a1afc3be853313a0f8f243fa748188c0b321d8c9096182cf59bfbb1ed The package insomnia-plugin-random-pick was found to contain malicious code. Source: ghsa-malware...
EUVD-2021-27580
Malicious code in bioql PyPI...
CVE-2025-57993
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through = 5.5.0...
CVE-2025-54007
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.11...
Linux Distros Unpatched Vulnerability : CVE-2025-21897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: schedext: Fix picktaskscx picking non-queued tasks when it's called without balance...
Malicious code in pick-redvelvet-member (npm)
The package pick-redvelvet-member was found to contain malicious code...
Malicious code in pick-some-values (npm)
The package pick-some-values was found to contain malicious code...
Malicious code in pick-value (npm)
The package pick-value was found to contain malicious code...