Lucene search
K

206155 matches found

RedHat Linux
RedHat Linux
added 2026/04/07 7:47 a.m.4 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS6.5AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/07 7:5 a.m.7 views

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

6.6CVSS6.8AI score0.00213EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/04/07 7:5 a.m.2 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/07 7:5 a.m.8 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/07 6:48 a.m.4 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/07 6:48 a.m.5 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/07 6:30 a.m.10 views

HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

7.8CVSS7AI score0.00349EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/07 6:25 a.m.5 views

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

6.6CVSS6.8AI score0.00213EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/04/07 6:25 a.m.3 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/07 6:25 a.m.4 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/07 6:25 a.m.4 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS6.5AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/07 6:20 a.m.3 views

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

6.6CVSS6.8AI score0.00213EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/04/07 6:20 a.m.3 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References5
CVE
CVE
added 2026/04/07 5:22 a.m.51 views

CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

7.8CVSS7AI score0.00349EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 5:22 a.m.26 views

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS0.00349EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 5:22 a.m.5 views

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS7AI score0.00349EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:22 a.m.2 views

CVE-2026-1839

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS7AI score0.00349EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/04/07 1:58 a.m.13 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/07 1:58 a.m.7 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.3CVSS6.3AI score0.00834EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 12:1 a.m.10 views

RLSA-2026:6005 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

8.8CVSS6.5AI score0.00591EPSS
Exploits2References3
Rows per page
Query Builder