Lucene search

120948 matches found

RedhatCVE
added 2025/12/26 5:41 a.m. | 6 views

CVE-2025-68664

A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's dumps and dumpd functions. This occurs because the functions do not properly escape dictionaries containing the interna...

CVSS 9.3 | AI score 7.5 | EPSS 0.1383
Exploits: 5 | References: 10

CNNVD
added 2025/12/26 12:0 a.m. | 2 views

Eaton UPS Companion security vulnerability

Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion that stems from an improperly referenced search path that could lead to the execution of arbitrary code by an attacker with file system access...

CVSS 6.7 | AI score 7.3 | EPSS 0.00192
Exploits: 0 | References: 2

VulnCheck KEV
added 2025/12/26 12:0 a.m. | 9 views

VulnCheck KEV: CVE-2023-44353

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction...

CVSS 9.8 | AI score 5.9 | EPSS 0.80178
In wild | Exploits: 0 | References: 2

Positive Technologies
added 2025/12/26 12:0 a.m. | 5 views

PT-2025-53454

Name of the Vulnerable Software and Affected Versions Eaton UPS Companion software affected versions not specified Description The Eaton UPS Companion software contains a flaw related to insecure library loading. An attacker who has access to the software package could potentially execute arbitra...

CVSS 7.8 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 6

CNNVD
added 2025/12/26 12:0 a.m. | 5 views

Eaton UPS Companion security vulnerability

Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion, which stems from an insecure library load and could lead to the execution of arbitrary code by an attacker with access to the software package...

CVSS 7.8 | AI score 7.2 | EPSS 0.00134
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/26 12:0 a.m. | 5 views

PT-2025-53604

Name of the Vulnerable Software and Affected Versions: LMDeploy versions prior to 0.11.1. Description: LMDeploy is a toolkit used for compressing, deploying, and serving LLMs. A flaw exists where the torch.load function is called without the weights_only=True parameter when loading model checkpoint...

CVSS 8.8 | AI score 7.4 | EPSS 0.00487
Exploits: 0 | References: 9

Vulnrichment
added 2025/12/26 12:0 a.m. | 2 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...

AI score 7.5 | EPSS 0.00595
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/26 12:0 a.m. | 5 views

PT-2025-53453

Name of the Vulnerable Software and Affected Versions Eaton UPS Companion affected versions not specified Description A flaw exists in the Eaton UPS Companion software installer related to improper handling of quotation marks in search paths. This could allow an attacker with file system access t...

CVSS 6.7 | AI score 6.8 | EPSS 0.00192
Exploits: 0 | References: 8

Tenable Nessus
added 2025/12/25 12:0 a.m. | 1 views

FreeBSD : fluidsynth -- Use after free when using DLS files (bf854a37-e180-11f0-ac0c-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf854a37-e180-11f0-ac0c-5404a68ad561 advisory. The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based...

CVSS 7 | AI score 6.4 | EPSS 0.00179
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/24 10:29 p.m. | 3 views

CVE-2025-14411

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3 | AI score 3.2 | EPSS 0.00146
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/24 9:19 p.m. | 5 views

CVE-2025-14498

TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 0 | References: 1

NVD
added 2025/12/24 8:15 p.m. | 5 views

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | EPSS 0.00332
Exploits: 1 | References: 3

UbuntuCve
added 2025/12/24 8:15 p.m. | 5 views

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | AI score 6.4 | EPSS 0.00332
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/24 7:27 p.m. | 1 views

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | AI score 7.8 | EPSS 0.00332
Exploits: 1 | References: 3

Cvelist
added 2025/12/24 7:27 p.m. | 30 views

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | EPSS 0.00332
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/24 6:18 p.m. | 7 views

CVE-2025-14930

A flaw was found in the Hugging Face Transformers library. The parsing of weights fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious GLM4 model, resulting in arbitrary code execution in the context of the...

CVSS 8.8 | AI score 8 | EPSS 0.00262
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 6 views

CVE-2025-14928

A flaw was found in the Hugging Face Transformers library. The convert_config function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...

CVSS 8.8 | AI score 8 | EPSS 0.00278
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 11 views

CVE-2025-14929

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious X-CLIP model, resulting in arbitrary code execution in the context o...

CVSS 8.8 | AI score 7.9 | EPSS 0.00315
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 7 views

CVE-2025-14926

A flaw was found in the Hugging Face Transformers library. The convert_config function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW model checkpoint, causing arbitrary code execution in the context o...

CVSS 8.8 | AI score 8 | EPSS 0.00278
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 11 views

CVE-2025-14924

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious megatrongpt2 model, resulting in arbitrary code execution in the...

CVSS 8.8 | AI score 8 | EPSS 0.00262
Exploits: 0 | References: 4