Lucene search
K

33 matches found

Snyk
Snyk
added 2026/03/24 10:30 p.m.3 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the hybrid conversion script. An attacker can execute arbitrary code, escalate privileges...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 10:30 p.m.4 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the quantization configuration loading process. An attacker can execute arbitrary code,...

8.5CVSS6.1AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 10:30 p.m.4 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 10:30 p.m.4 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the inferencing process. An attacker can execute arbitrary code, escalate privileges,...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
Nvidia
Nvidia
added 2026/03/24 12:0 a.m.11 views

Security Bulletin: NVIDIA Megatron LM - March 2026

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.15.3 or later from NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...

7.8CVSS6.1AI score0.00322EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/21 9:16 p.m.11 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS0.00713EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/21 9:6 p.m.6 views

EUVD-2026-3779

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References2
OSV
OSV
added 2026/01/21 9:6 p.m.7 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/21 9:6 p.m.2 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/21 9:6 p.m.21 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00607EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/21 8:54 p.m.2 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS5.8AI score0.00713EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/21 8:54 p.m.4 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS6AI score0.00713EPSS
Exploits1References4
CVE
CVE
added 2026/01/21 8:54 p.m.17 views

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

9.6CVSS6AI score0.00713EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/21 8:54 p.m.6 views

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS6AI score0.00713EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.7 views

5ire security vulnerabilities

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained security vulnerabilities. These vulnerabilities stemmed from insecure HTML rendering, which allowed unauthorized HTML execution. This could allow attackers to inject malicio...

9.6CVSS6.1AI score0.00713EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.10 views

PT-2026-3864

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...

9.6CVSS6AI score0.00607EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.6 views

5ire code injection vulnerability

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...

9.6CVSS6.4AI score0.00607EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/09/10 3:42 p.m.8 views

com.alilitech:boot-plus-generator (>=1.1.0 <=1.3.7), com.alilitech:boot-plus-log (>=1.2.0 <=2.0.5) +33 more potentially affected by CVE-2025-58754 via org.webjars.npm:axios (>=0.15.3 <=0.26.0)

org.webjars.npm:axios MAVEN version =0.15.3, =1.1.0, =1.2.0, =1.1.0, =1.0.0, =1.0.1, =1.6.1, =1.1.71, =1.1.521 - org.webjars.npm:googlemapsgoogle-maps-services-js =3.1.13 - org.webjars.npm:grot-table =1.6.1 and more Source cves: CVE-2025-58754 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-12613774...

7.5CVSS6.4AI score0.01099EPSS
Exploits1
OSV
OSV
added 2025/05/07 5:32 p.m.13 views

GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default

Summary When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details n/a...

7.1CVSS6.9AI score0.0016EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/08/16 9:0 p.m.39 views

@excalidraw/excalidraw Cross-site Scripting vulnerability

Impact XSS vulnerability due to improperly sanitizing URLs of links that can be attached on canvas elements. This affects users of the npm package @excalidraw/excalidraw provided it was deployed in environments where untrusted user input in drawings that are then shared with third parties is a...

6.1CVSS6.7AI score0.00475EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder