9 matches found
CVE-2026-12193
VS Revo RevoUninstaller 2.5.x/2.6.x contains a heap-based overflow in IOCtl_Handler of RevoDetector.sys (IOCTL Handler). The vulnerability enables a local attack and is supported by publicly available exploit material. Upgrading to version 2.7.0 fixes the issue. If you rely on affected builds, ap...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...
GHSA-MF9V-MFXR-J63J urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...
PT-2026-39666
Name of the Vulnerable Software and Affected Versions urllib3 versions 2.6.0 through 2.6.x Description An issue exists in the streaming API where the library may decompress an entire HTTP response instead of the requested portion. This occurs in two scenarios: during the second...
CVE-2023-40273 Session fixation in Apache Airflow web interface
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...
PT-2021-23193 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow version 2.6.1 Description: TensorFlow is an open source platform for machine learning. The async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free due to...
PT-2021-23168 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The Keras pooling layers in TensorFlow can trigger a segfault if the size of the...
Cross-site Request Forgery (CSRF)
Overview pghero is a performance dashboard for Postgres. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. The Ruby gem is vulnerable with non-session based authentication methods like basic authentication - session-based authentication methods like Devise's...