Security Vulnerabilities
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-25
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-09-25
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-25
An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-25
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-25
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-25
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-25
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-25
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-25