200 matches found
CVE-2026-43978
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...
CVE-2026-43978 wger: Privilege escalation via trainer-login session chaining allows gym trainers to impersonate gym managers
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...
CVE-2026-43978
CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...
CVE-2026-58198
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198
ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...
CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings
David Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams...
CVE-2026-31222
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the trainer-login process. An attacker can gain unauthorized access to higher-privileged accounts by chaining session states and bypassing permission checks. Remediation There is no fixed version for wge...
GHSA-9QPR-VC49-HQG2 wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
Summary A gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
Summary A gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...
PT-2026-41137
Name of the Vulnerable Software and Affected Versions wger version 2.5.0a2 Description A logical error in the permission check allows an authenticated gym trainer to escalate privileges to a gym manager or general manager account. By chaining two calls to the trainer-login endpoint, a trainer can...
ebes (>=0.0.0 <=0.0.3), helical (>=0.0.1a8 <=0.0.1a9) +2 more potentially affected by CVE-2026-31239 via mamba-ssm (>=1.0.1 <=2.2.5)
mamba-ssm PYPI version =1.0.1, =0.0.0, =0.0.1a8, =1.0.0, =1.2.0 - ml-trainer-sdk =0.1.0 Source cves: CVE-2026-31239 Source advisory: OSV:GHSA-PQ2F-X424-6FJM...
EUVD-2026-29506
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
Snorkel Trainer.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
Deserialization of Untrusted Data
Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that ...
GHSA-78CP-F66X-QMH5 Snorkel Trainer.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
CVE-2026-31222
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
CVE-2026-31222
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...