17 matches found
Pytorch-Lightning Security Vulnerability
PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...
EUVD-2025-201421
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
EUVD-2025-93479
Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This...
CVE-2025-24519
Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially...
CVE-2025-32088
Intel QAT Windows software before version 2.6.0 contains an improper condition check in Ring 3 user-space components, which may allow a locally authenticated low-complexity attacker to cause a denial of service (low availability impact). Affected product: Intel® QuickAssist Technology Windows sof...
CVE-2015-7344
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload/caption...
CVE-2025-32636 WordPress Local Magic Plugin <= 2.6.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0...
CVE-2024-1603
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file...
WordPress Responsive Flickr Slideshow Plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 (Patchstack Alliance) in WordPress Plugin Responsive Flickr Slideshow (versions <= 2.6.0)...
PYSEC-2023-280
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...
AZL-27064 CVE-2023-2602 affecting package libcap for versions less than 2.60-2
A vulnerability was found in the pthread_create function in libcap. This issue may allow a malicious actor to cause __real_pthread_create to return an error, which can exhaust the process memory...
PYSEC-2023-60
Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...
PYSEC-2021-788
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...
PYSEC-2021-792
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...
PYSEC-2021-289
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that th...
PYSEC-2021-274
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...
Google TensorFlow Input Validation Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A security error vulnerability exists in Google TensorFlow versions prior to 2.6.0. A local attacker could exploit this vulnerability to cause a denial of service...