Lucene search
K

206159 matches found

CVE
CVE
added 2026/04/07 5:22 a.m.51 views

CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

7.8CVSS7AI score0.00349EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/07 1:58 a.m.13 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/07 1:58 a.m.7 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.3CVSS6.3AI score0.00834EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/04/07 12:1 a.m.3 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

8.8CVSS6.6AI score0.00591EPSS
Exploits2
OSV
OSV
added 2026/04/07 12:1 a.m.10 views

RLSA-2026:6005 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

8.8CVSS6.5AI score0.00591EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

8.8CVSS6.4AI score0.00304EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

NI LabVIEW 安全漏洞

NI LabVIEW is a graphical programming platform developed by National Instruments. Versions of NI LabVIEW prior to 2026 Q1 26.1.0 contained security vulnerabilities. These vulnerabilities stemmed from out-of-bound writing during the loading of corrupted LVCLASS files, which could lead to memory...

8.5CVSS7.4AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

Mozilla Firefox和Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

9.8CVSS6.2AI score0.00257EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/04/07 12:0 a.m.6 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2025475%2C2025477 reports: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...

9.8CVSS6AI score0.00257EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/04/07 12:0 a.m.10 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 reports: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence o...

9.8CVSS6AI score0.00329EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed throug...

10CVSS6AI score0.00613EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.4 views

RHEL 10 : freerdp (RHSA-2026:6799)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6799 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

9.8CVSS6.6AI score0.00656EPSS
Exploits5References30
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30793

Name of the Vulnerable Software and Affected Versions HuggingFace Transformers versions prior to 5.0.0rc3 Description A flaw exists in the Trainer class within the HuggingFace Transformers library. The load rng state method, located in src/transformers/trainer.py at line 3059, utilizes torch.load...

6.5CVSS7.2AI score0.00349EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multi-modal models, and can be used for both inference and training. There is a security vulnerability in Hugging Face...

7.8CVSS7AI score0.00349EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. There is a security vulnerability in pyLoad. This vulnerability arises from the fact that the “storagefolder” option is not included in the ADMINONLYOPTIONS set, and it bypasses existing path restrictions. This could allow users with...

8.8CVSS6.3AI score0.00529EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by type confusion in the V8 engine. This vulnerability could allow arbitrary code to be executed within a sandbox through specially crafted HTML pages...

8.8CVSS7.5AI score0.0033EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-31000

There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

8.5CVSS6.2AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30826

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Thunderbird versions prior to 149.0.2 Description Memory safety bugs exist in Firefox 149.0.1 and Thunderbird 149.0.1. These bugs demonstrate evidence of memory corruption, and it is presumed that, with...

10CVSS6.2AI score0.00257EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a resource management vulnerability. This vulnerability stemmed from WebRTC’s ability to reuse resources after they are released, potentially allowing arbitrary code to be executed...

8.8CVSS7.5AI score0.0048EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.1 views

PT-2026-30933

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

7.3CVSS6.2AI score0.00258EPSS
Exploits0References3
Rows per page
Query Builder