Lucene search
+L

7044 matches found

pypa
pypa
added 2026/07/07 10:17 a.m.4 views

TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite

ImpactThe ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. PatchesWe have patched the issue in GitHub commit...

9.8CVSS7.1AI score0.00441EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/07 10:17 a.m.5 views

TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite

ImpactThe GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. PatchesWe have patched the issue in GitHub commit...

9.1CVSS7.1AI score0.00441EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/07 10:17 a.m.4 views

TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

ImpactWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.pythonimport tensorflow as tfclass QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

7.5CVSS7AI score0.00596EPSS
Exploits1References8Affected Software1
pypa
pypa
added 2026/07/07 10:17 a.m.8 views

TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`

ImpactIf RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbatchedinput = Truertnestedsplits = tf.constant0,32,64, shape=3,...

7.5CVSS7AI score0.00383EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/07 10:17 a.m.4 views

TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`

ImpactThe AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.pythonimport tensorflow as tfimport numpy as npvalue = np.ones1, 1, 1, 1ksize = 1, 1e20, 1, 1strides = 1, 1, 1, 1padding =...

7.5CVSS7AI score0.00562EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/07 10:17 a.m.6 views

TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

ImpactIf QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfsignedinput = Truerangegiven = Falsenarrowrange = Falseaxis = -1input = tf.constant-3.5, shape=1,...

7.5CVSS7AI score0.00396EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.6 views

PYSEC-2026-2086

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6.1AI score0.00636EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.3 views

PYSEC-2026-2083

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.7 views

PYSEC-2026-2087

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6.1AI score0.00664EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.5 views

PYSEC-2026-2088

In Apache Airflow before 3.3.0, the REST API task-instance detail and listendpoints returned a deferred task's trigger kwargs without masking. When adeferred operator passed a secret for example a provider API key into itstrigger, any authenticated user with DAG-scoped task-instance read access...

6.5CVSS6.1AI score0.00664EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.3 views

PYSEC-0000-CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.4 views

PYSEC-2026-2082

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4Affected Software1
pypa
pypa
added 2026/07/07 10:16 a.m.4 views

PYSEC-0000-CVE-2026-33264

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4Affected Software1
pypa
pypa
added 2026/07/06 9:16 p.m.4 views

PYSEC-2026-2140

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...

8.6CVSS6.2AI score0.00262EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2026/07/06 9:16 p.m.4 views

PYSEC-2026-2139

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.2AI score0.00523EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2026/07/06 9:16 p.m.5 views

PYSEC-2026-2138

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS6.3AI score0.00502EPSS
Exploits1References2Affected Software1
pypa
pypa
added 2026/07/06 9:16 p.m.3 views

PYSEC-2026-2304

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/06 9:16 p.m.6 views

PYSEC-2026-2303

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS6.1AI score0.0037EPSS
Exploits0References4Affected Software1
pypa
pypa
added 2026/07/06 8:16 p.m.3 views

PYSEC-2026-2305

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6.1AI score0.00289EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2026/07/06 7:17 p.m.3 views

PYSEC-2026-2257

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6.2AI score0.00136EPSS
Exploits1References5Affected Software1
pypa
pypa
added 2026/07/06 7:17 p.m.3 views

PYSEC-2026-2254

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6.1AI score0.00361EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 7:17 p.m.3 views

PYSEC-2026-2255

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6.1AI score0.00364EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 7:17 p.m.4 views

PYSEC-2026-2253

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6.1AI score0.00354EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 7:17 p.m.3 views

PYSEC-2026-2256

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6.1AI score0.00361EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 11:16 a.m.4 views

PYSEC-0000-CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 11:16 a.m.4 views

PYSEC-2026-2084

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2026/07/06 9:37 a.m.4 views

TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation

ImpactThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar.pythonimport tensorflow as tftf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 PatchesWe...

7.5CVSS7AI score0.00441EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 9:37 a.m.4 views

TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`

ImpactIf tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string PatchesWe have patched the issue in...

7.5CVSS7AI score0.00405EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 9:16 a.m.5 views

PYSEC-2026-2081

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6AI score0.00509EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2026/07/06 9:16 a.m.4 views

PYSEC-2026-2080

Authentication Bypass by Spoofing vulnerability in Apache IoTDB.Certain Thrift RPC query handlers lack strict validation of the sessionIdparameter. An attacker can construct requests with a forged sessionId and,without performing openSession authentication, receive valid query results.This allows...

9.1CVSS6AI score0.00471EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2026/07/06 9:16 a.m.3 views

PYSEC-2026-2079

Uncontrolled Resource Consumption vulnerability in Apache IoTDB.Some interfacefails to impose reasonablelimits on the time span and aggregation interval of the query.An attackercan construct a request with extreme parameters e.g., a very large timerange combined with a minimal interval.This force...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...

8.8CVSS7.5AI score0.01602EPSS
Exploits0References5Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7.1AI score0.01063EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

Barbican authorization flaw before v14.0.0

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

8.1CVSS6.7AI score0.01007EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity XXE, leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...

7.5CVSS7.1AI score0.01114EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.7 views

TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`

ImpactWhen Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinputsizes = 3, 1, 1, 2filter =...

7.5CVSS7AI score0.00396EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

sosreport Exposure of Sensitive Information vulnerability

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86, ovirt-log-collector-4.4.7-2.el8ev...

5.5CVSS6.1AI score0.00233EPSS
Exploits0References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

Regular expression denial of service in eth-account

An exponential ReDoS Regular Expression Denial of Service can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method...

7.5CVSS7.2AI score0.0078EPSS
Exploits1References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.7 views

openstack-barbican Denial of Service vulnerability

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

4.9CVSS6.2AI score0.01018EPSS
Exploits0References12Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

SummaryThe Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. SeverityModerat...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

Apache Superset allows authenticated users to access metadata they have no permission to

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics...

4.3CVSS5.9AI score0.0126EPSS
Exploits0References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OctoPrint does not have rate limiting on the login page

OctoPrint 1.7.3 and prior does not have rate limiting on the login page, making it possible for attackers to attempt brute force attacks. The severity of this issue is limited by OctoPrint normally running in a restricted LAN. The devel and maintenance branches of the repository have a fix that...

7.5CVSS6.4AI score0.00688EPSS
Exploits1References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Incorrect handling of invalid surrogate pair characters

ImpactWhat kind of vulnerability is it? Who is impacted?Anyone parsing JSON from an untrusted source is vulnerable.JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

7.5CVSS7AI score0.02283EPSS
Exploits1References8Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption

A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...

7.5CVSS7.1AI score0.01595EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Nova Changing vnic_type breaks compute service restart

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

3.3CVSS6.7AI score0.00297EPSS
Exploits1References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs

ImpactAccess to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches- v20.12.7 LTS- v21.12.2 LTS- v22.6.1 Referenceshttps://github.com/sanic-org/sanic/issues/2478https://github.com/sanic-org/sanic/pull/2495 For more informationIf...

8.3CVSS7.1AI score0.00919EPSS
Exploits1References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

ImpactThis vulnerability affects all accounts vanilla and ethereum flavors in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected.This faulty behavior is not observed in StarkNet's testin...

6.5CVSS6.6AI score0.0134EPSS
Exploits1References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

Django REST framework XSS Vulnerability

Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...

6.1CVSS6.4AI score0.00597EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

Denial of Service in python-ldap

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6.7AI score0.01713EPSS
Exploits0References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Open redirect in web2py

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS6.3AI score0.01478EPSS
Exploits1References8Affected Software1
Total number of security vulnerabilities7044