15 matches found
CVE-2026-10043
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-47748
CVE-2026-47748 affects stable-diffusion.cpp (C/C++ library) prior to master-584-0a7ae07. The root cause is out-of-bounds reads in the PyTorch checkpoint pickle opcode parsing in src/model.cpp, where the parser sometimes advances buffer positions without validating remaining input, allowing reads ...
CVE-2025-14922
A flaw was found in Hugging Face Diffusers. This vulnerability allows remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, where a target must visit a malicious page or open a malicious file. The issue stems from improper validation of...
Deserialization of Untrusted Data
Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the parsing of checkpoints. An attacker can achieve arbitrary code execution by tricking a user into opening a...
PYSEC-2025-217
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
CVE-2025-14929
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
PYSEC-2025-213
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14924
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14924
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
PYSEC-2025-213
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14925 Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target...
CVE-2025-14925 Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target...
CVE-2025-14922 Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
Hugging Face Diffusers 代码问题漏洞
Hugging Face Diffusers is a Python software library open-sourced by Hugging Face. A code issue vulnerability exists in Hugging Face Diffusers that stems from a lack of validation of user-supplied data when parsing checkpoints in CogView4, which could lead to deserialization of untrusted data and...