GHSA-WJ56-G96R-673Q StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Summary The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts...

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Summary The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts...

CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

EUVD-2022-7262

Malicious code in bioql PyPI...

CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

GHSA-M342-FF57-4JCC Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

Impact The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def func: return tf.rawops.SparseCountSparseOutput indices=1, values=1, denseshape=10, weights=, binaryoutput= True func The...

PYSEC-2021-781

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

PYSEC-2021-554

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

PYSEC-2021-263

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

PT-2021-21756 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: In affected versions, if the arguments to tf.raw ops.RaggedGather don't determin...

GHSA-GVM4-H8J3-RJRQ CHECK-fail in `LoadAndRemapMatrix`

Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.rawops.LoadAndRemapMatrix: python import tensorflow as tf ckptpath = tf.constant, shape=0, dtype=tf.string oldtensorname = tf.constant"" rowremapping = tf.constant, shape=0, dtype=tf.int64 colremapping =...

PYSEC-2021-670

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...