CVE-2026-8931

Disig Web Signer is affected by a critical Remote Code Execution (RCE) vulnerability in versions 2.0.3 through 2.5.3. The available documents confirm the product, affected version range, and the high-impact nature (RCE) of the issue. No concrete root-cause details, exploitation method, or remedia...

Burgerportaal 安全漏洞

Burgerportaal is a GPP-Woo open source site for reading public documents. A security vulnerability exists in Burgerportaal versions prior to 2.0.3, prior to 3.0.2, and prior to 4.0.1, which stems from the exposure of employee names and e-mail addresses in a web response, which could lead to...

PT-2024-12479 · Unknown · Constant Contact Forms

Name of the Vulnerable Software and Affected Versions: Constant Contact Forms versions 1.14.0 through 2.0.3 Constant Contact Forms version prior to the latest version Description: The issue is related to a Missing Authorization vulnerability in Constant Contact Forms, allowing exploitation of...

PT-2024-26704 · Unknown · Wpdevart Responsive Image Gallery

Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Image Gallery, Gallery Album versions 2.0.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by wpdabh Patchstack Alliance in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 2.0.3...

CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

PYSEC-2020-322

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

PYSEC-2020-284

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference In linked snippet, in eager mode, ctx-sessionstate returns nullptr. Since...

PYSEC-2020-270

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

PYSEC-2020-132

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one...

DEBIAN-CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

Security Bulletin: IBM Content Navigator is affected by a cross site scripting vulnerability

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1496 DESCRIPTION: IBM Content Navigator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...