23 matches found
CVE-2026-27520
creationtimestamp| type| source
---|---|---
2026-02-24 16:32:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfmlrefav72d
2026-02-24 16:57:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfmn5zh4gl2y
2026-02-26 14:00:16+00:00| seen|...
Exploit for Deserialization of Untrusted Data in Bentoml
Day 09 — CVE-2025-27520 BentoML-style insecure deserializatio...
📄 BentoML 1.4.2 Remote Code Execution
A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8, CVE-2025-27520) in BentoML v1.3.8–1.4.2 lets attackers execute remote code without…...
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute...
ai-dynamo (=0.1.0), openllm (=0.6.19) potentially affected by CVE-2025-27520 via bentoml (>=1.4.0a2 <=1.4.1)
bentoml PyPI version >=1.4.0a2, <=1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on bentoml and may be impacted:
- ai-dynamo =0.1.0
- openllm =0.6.19
Source cves: CVE-2025-27520
Source advisory: SNYK:PYTHON-BENTOML-9667321...
ai-dynamo (=0.1.0), openllm (=0.6.19) potentially affected by CVE-2025-27520 via bentoml (>=1.4.0a2 <=1.4.1)
bentoml PyPI version >=1.4.0a2, <=1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on bentoml and may be impacted:
- ai-dynamo =0.1.0
- openllm =0.6.19
Source cves: CVE-2025-27520
Source advisory: OSV:GHSA-33XW-247W-6HMC...
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute...
CVE-2025-27520
BentoML 1.4.2 contains an insecure deserialization flaw in serde.py that enables unauthenticated RCE via crafted payloads. The issue, described across CVE-2025-27520 sources, is fixed in 1.4.3. Public PoCs and exploit modules exist (GitHub, Metasploit) illustrating remote command execution attemp...
CVE-2025-27520
creationtimestamp| type| source
---|---|---
2025-04-04 00:59:47+00:00| published-proof-of-concept| https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc
2025-04-04 15:15:09+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114280346981280788
2025-04-04 15:15:09+00:00|...
CVE-2023-27520
creationtimestamp| type| source
---|---|---
2025-02-14 10:00:36+00:00| seen| Telegram/b7IHSLp34ZVHiB1OfJGM5tHTe08ipBojnMiwQXQUyMrl0zt...
CVE-2023-27520
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. Note: Web Config is the software that allows...
CVE-2023-27520
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. Note: Web Config is the software that allows...
CVE-2023-27520
The CVE-2023-27520 CSRF vulnerability affects SEIKO EPSON printers’ Web Config (Remote Manager) and can allow a remote unauthenticated attacker to hijack a user’s session by tricking a logged-in user into visiting a malicious page. The underlying issue is cross-site request forgery in the Web Co...
FUDForum 3.1.0 Cross Site Scripting
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
FUDForum 3.1.0 - 'author' Reflected XSS
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
FUDForum 3.1.0 - (author) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
CVE-2021-27520
creationtimestamp| type| source
---|---|---
2021-03-19 21:33:31+00:00| seen| https://t.me/cibsecurity/25192...