CVE-2021-29571: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith
mediumvulnerability
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where attackers can provide specially crafted input data to read and write outside the bounds of heap-allocated memory (memory areas assigned during program execution), potentially causing memory corruption. The issue occurs because the code assumes the last element of the `boxes` input is 4 without checking it first, so attackers can pass smaller values to access memory they shouldn't.
The fix will be included in TensorFlow 2.5.0 and will also be backported (copied to earlier versions still being supported) in TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.
4.5(medium)
EPSS: 0.0%
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
GHSA-5h3f-885m-v22w: OpenClaw: Existing WS sessions survive shared gateway token rotation
CVE-2026-46440: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the che
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29571
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%