CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

764 matches found

NVD•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-13709

Tencent TFace restorecheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target mus...

7.8CVSS0.00979EPSS

Exploits0References2

NVD•added 2025/12/23 10:15 p.m.•1 views

CVE-2025-13706

Tencent PatrickStar mergecheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.01552EPSS

Exploits0References2

Snyk•added 2025/12/23 9:51 p.m.•4 views

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a malicious checkpoint file that is process...

8.5CVSS8AI score0.00073EPSS

Exploits0References2

Snyk•added 2025/12/23 9:50 p.m.•2 views

Arbitrary Code Injection

8.5CVSS8AI score0.00073EPSS

Exploits0References2

Snyk•added 2025/12/23 9:50 p.m.•3 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the parsing of checkpoints. An attacker can achieve arbitrary code execution by tricking a user into opening a...

8.5CVSS8AI score0.00234EPSS

Exploits0References2

Snyk•added 2025/12/23 9:50 p.m.•3 views

Arbitrary Code Injection

7.8CVSS7.9AI score0.00073EPSS

Exploits0References2

Cvelist•added 2025/12/23 9:34 p.m.•22 views

CVE-2025-13709 Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

7.8CVSS0.00979EPSS

Exploits0References2

CVE•added 2025/12/23 9:34 p.m.•5 views

CVE-2025-13706

This CVE concerns Tencent PatrickStar’s merge_checkpoint endpoint, where deserialization of untrusted data enables remote code execution. Impact: attacker can execute code with root privileges after user visits a crafted page/file. Root cause: insufficient validation of user-supplied data in the ...

7.8CVSS7.9AI score0.01552EPSS

Exploits0References2

CVE•added 2025/12/23 9:33 p.m.•9 views

CVE-2025-13708

CVE-2025-13708 affects Tencent NeuralNLP-NeuralClassifier. The vulnerability is in the _load_checkpoint function, where unvalidated deserialization of untrusted data can lead to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file), ...

7.8CVSS7.9AI score0.01552EPSS

Exploits0References2

Vulnrichment•added 2025/12/23 9:33 p.m.•3 views

CVE-2025-13708 Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit th...

7.8CVSS7.3AI score0.01552EPSS

Exploits0References2

Cvelist•added 2025/12/23 9:33 p.m.•22 views

CVE-2025-13708 Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

7.8CVSS0.01552EPSS

Exploits0References2

NVD•added 2025/12/23 9:15 p.m.•3 views

CVE-2025-14928

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00073EPSS

Exploits0References1

OSV•added 2025/12/23 9:15 p.m.•2 views

PYSEC-2025-217

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS7.6AI score0.00234EPSS

Exploits0References1

OSV•added 2025/12/23 9:15 p.m.•3 views

CVE-2025-14928

7.8CVSS6.5AI score

Exploits0References1

PyPA•added 2025/12/23 9:15 p.m.•11 views

PYSEC-2025-217

7.8CVSS7.6AI score0.00234EPSS

Exploits0References1Affected Software1

OSV•added 2025/12/23 9:15 p.m.•2 views

CVE-2025-14929

7.8CVSS6.4AI score

Exploits0References1

OSV•added 2025/12/23 9:15 p.m.•3 views

PYSEC-2025-216

7.8CVSS7.6AI score0.00073EPSS

Exploits0References1

NVD•added 2025/12/23 9:15 p.m.•1 views

CVE-2025-14929

7.8CVSS0.00234EPSS

Exploits0References1

PyPA•added 2025/12/23 9:15 p.m.•7 views

PYSEC-2025-213

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

7.8CVSS7.6AI score0.00477EPSS

Exploits0References1Affected Software1

PyPA•added 2025/12/23 9:15 p.m.•5 views

PYSEC-2025-214

Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...

7.8CVSS7.6AI score0.00073EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by