33 matches found
Deserialization of Untrusted Data
Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the hybrid conversion script. An attacker can execute arbitrary code, escalate privileges...
Deserialization of Untrusted Data
Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the quantization configuration loading process. An attacker can execute arbitrary code,...
Deserialization of Untrusted Data
Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...
Deserialization of Untrusted Data
Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the inferencing process. An attacker can execute arbitrary code, escalate privileges,...
Security Bulletin: NVIDIA Megatron LM - March 2026
NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.15.3 or later from NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...
CVE-2026-22792
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
EUVD-2026-3779
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22792
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
CVE-2026-22792
5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...
EUVD-2026-3778
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
5ire security vulnerabilities
5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained security vulnerabilities. These vulnerabilities stemmed from insecure HTML rendering, which allowed unauthorized HTML execution. This could allow attackers to inject malicio...
PT-2026-3864
Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...
5ire code injection vulnerability
5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...
com.alilitech:boot-plus-generator (>=1.1.0 <=1.3.7), com.alilitech:boot-plus-log (>=1.2.0 <=2.0.5) +33 more potentially affected by CVE-2025-58754 via org.webjars.npm:axios (>=0.15.3 <=0.26.0)
org.webjars.npm:axios MAVEN version =0.15.3, =1.1.0, =1.2.0, =1.1.0, =1.0.0, =1.0.1, =1.6.1, =1.1.71, =1.1.521 - org.webjars.npm:googlemapsgoogle-maps-services-js =3.1.13 - org.webjars.npm:grot-table =1.6.1 and more Source cves: CVE-2025-58754 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-12613774...
GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default
Summary When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details n/a...
@excalidraw/excalidraw Cross-site Scripting vulnerability
Impact XSS vulnerability due to improperly sanitizing URLs of links that can be attached on canvas elements. This affects users of the npm package @excalidraw/excalidraw provided it was deployed in environments where untrusted user input in drawings that are then shared with third parties is a...