DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must o...
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must o...
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must o...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt pars...
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
update_disk_psu_baseline.sh requires password in plain text
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions
Deno: Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks
Deno: Miller-Rabin Primality Test Allows Zero Rounds
Deno: Command Injection via spawnSync & spawn on Windows
Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access
Deno: WebSocket API sandbox bypass via missing post-DNS check
Deno: `fetch()` API sandbox bypass via missing DNS resolution check
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
n8n: Merge Node SQL Mode Prototype Pollution
n8n: Prototype Pollution enables confused-deputy execution via public webhooks
n8n: Same-Origin XSS in Respond to Webhook Node
n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes