Lucene search
K

802 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.1 views

PYSEC-2026-998 TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`

Impact When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. python import tensorflow as tf arg0='' arg1=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None arg2=tf.random.uniformshape=2,1,...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-942 Missing validation causes `TensorSummaryV2` to crash

Impact The implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import numpy as np import tensorflow as tf tf.rawops.TensorSummaryV2 tag=np.array'test',...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.13 views

PT-2026-55793

Name of the Vulnerable Software and Affected Versions AIAnytime Awesome-MCP-Server versions up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab Description A flaw in the mcp-wiki/wiki-summary component, specifically within the mcp-wiki/src/mcp wiki/server.py file, allows for server-side request forger...

6.5CVSS6.6AI score0.00231EPSS
Exploits0References11
ICS
ICS
added 2026/06/25 6:0 a.m.8 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4CVSS6.2AI score0.00388EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/23 3:36 p.m.37 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES12 Security Update : mutt (SUSE-SU-2026:2300-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2300-1 advisory. This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. -...

3.7CVSS5.5AI score0.00201EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.13 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 11:4 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the getsummary function in porcelain.formatpatch API. An attacker can cause files to be written outside the intended output directory by crafting commit subjects with path traversal characters, potentially...

4.6CVSS6.2AI score0.00139EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/08 1:55 p.m.11 views

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

6.9CVSS5.4AI score0.00201EPSS
Exploits0References26
OSV
OSV
added 2026/06/08 1:55 p.m.9 views

SUSE-SU-2026:2301-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

3.7CVSS5.4AI score0.00201EPSS
Exploits0References14
SUSE Linux
SUSE Linux
added 2026/06/08 1:54 p.m.9 views

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

6.9CVSS5.4AI score0.00201EPSS
Exploits0References26
Cvelist
Cvelist
added 2026/06/08 11:23 a.m.50 views

CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS0.00206EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:23 a.m.7 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References7
CVE
CVE
added 2026/06/08 11:23 a.m.27 views

CVE-2026-3011

CVE-2026-3011 - Recipe Card Blocks Lite (WordPress) Vulnerability: Stored Cross-Site Scripting in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions up to 3.4.13. Affected component: WPZOOM Recipe Card Blocks Lite plugin for WordPress (block-based recipe card feature). Root ...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 11:23 a.m.12 views

EUVD-2026-35049

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 11:23 a.m.10 views

CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.14 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4CVSS5.4AI score0.0033EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8240

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS5.5AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 7:16 a.m.13 views

CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS0.00138EPSS
Exploits0References1
Rows per page
Query Builder