26 matches found
PYSEC-2026-972 Core dump when loading TFLite models with quantization in TensorFlow
Impact Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling...
CVE-2026-50200
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...
CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...
CVE-2026-42277
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...
CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...
SUSE CVE-2026-25576
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larg...
EUVD-2026-7442
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted imag...
EUVD-2021-2419
Malware in sbrugna...
EUVD-2022-2791
Malicious code in bioql PyPI...
EUVD-2023-43650
Malicious code in bioql PyPI...
CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6. A patched version of the package is available...
WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions 25.05.13...
WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Testimonials Showcase versions = 1.9.16...
CVE-2021-43836
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18...
CVE-2023-32611 affecting package glib for versions less than 2.71.0-4
CVE-2023-32611 affecting package glib for versions less than 2.71.0-4. A patched version of the package is available...
CVE-2025-29925
XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...
CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15
CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15. A patched version of the package is available...
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is available...
CVE-2023-38469 affecting package avahi for versions less than 0.8-3
CVE-2023-38469 affecting package avahi for versions less than 0.8-3. A patched version of the package is available...