Lucene search
+L

200 matches found

NVD
NVD
added yesterday5 views

CVE-2026-43978

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00026EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-43978 wger: Privilege escalation via trainer-login session chaining allows gym trainers to impersonate gym managers

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00026EPSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-43978

CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...

8.1CVSS6AI score0.00026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:32 p.m.7 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/09 6:32 p.m.14 views

CVE-2026-58198

ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 6:32 p.m.31 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 6:32 p.m.3 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS6.1AI score0.00095EPSS
Exploits0References6
Wired Threat Level
Wired Threat Level
added 2026/05/18 9:30 a.m.15 views

An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings

David Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 4:16 p.m.7 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the trainer-login process. An attacker can gain unauthorized access to higher-privileged accounts by chaining session states and bypassing permission checks. Remediation There is no fixed version for wge...

8.6CVSS5.8AI score0.00026EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 4:16 p.m.12 views

GHSA-9QPR-VC49-HQG2 wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager

Summary A gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...

8.1CVSS5.8AI score0.00026EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:16 p.m.14 views

wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager

Summary A gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...

8.1CVSS5.8AI score0.00026EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-41137

Name of the Vulnerable Software and Affected Versions wger version 2.5.0a2 Description A logical error in the permission check allows an authenticated gym trainer to escalate privileges to a gym manager or general manager account. By chaining two calls to the trainer-login endpoint, a trainer can...

8.1CVSS6.1AI score0.00026EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.9 views

ebes (>=0.0.0 <=0.0.3), helical (>=0.0.1a8 <=0.0.1a9) +2 more potentially affected by CVE-2026-31239 via mamba-ssm (>=1.0.1 <=2.2.5)

mamba-ssm PYPI version =1.0.1, =0.0.0, =0.0.1a8, =1.0.0, =1.2.0 - ml-trainer-sdk =0.1.0 Source cves: CVE-2026-31239 Source advisory: OSV:GHSA-PQ2F-X424-6FJM...

9.8CVSS5.5AI score0.00409EPSS
Exploits0
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29506

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Snorkel Trainer.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/12 6:30 p.m.10 views

Deserialization of Untrusted Data

Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that ...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 6:30 p.m.10 views

GHSA-78CP-F66X-QMH5 Snorkel Trainer.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References2
Rows per page
Query Builder