764 matches found
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14927 Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14927 Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14929 Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
CVE-2025-14929
CVE-2025-14929 concerns Hugging Face Transformers (X-CLIP) checkpoint conversion. The vulnerability stems from improper validation during checkpoint parsing, enabling deserialization of untrusted data and resulting in remote code execution in the process that handles the file. Attacker interactio...
Hugging Face Accelerate 代码问题漏洞
Hugging Face Accelerate is a lightweight tool library for Python open sourced by Hugging Face. A code issue vulnerability exists in Hugging Face Accelerate that stems from a lack of validation of user-supplied data when parsing checkpoints, which could lead to deserialization of untrusted data an...
Tencent TFace 代码问题漏洞
Tencent TFace is a deep learning research platform focusing on face recognition from China's Tencent Tencent. Tencent TFace suffers from a code issue vulnerability that stems from a lack of validation of user-supplied data in the restorecheckpoint function, which could lead to deserialization of...
Hugging Face Diffusers 代码问题漏洞
Hugging Face Diffusers is a Python software library open-sourced by Hugging Face. A code issue vulnerability exists in Hugging Face Diffusers that stems from a lack of validation of user-supplied data when parsing checkpoints in CogView4, which could lead to deserialization of untrusted data and...
Tencent PatrickStar 代码问题漏洞
Tencent PatrickStar is a distributed deep learning training framework from Tencent China. A code issue vulnerability exists in Tencent PatrickStar that stems from a lack of validation of user-supplied data in the mergecheckpoint endpoint, which could lead to deserialization of untrusted data and...
Hugging Face Transformers 代码问题漏洞
Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...
EUVD-2025-204701
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...
(0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
(0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
PT-2025-52386
Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists in Hugging Face Transformers related to the parsing of checkpoints, allowing remote attackers to execute arbitrary code. The issue stems from insufficient...
(0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
(0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
NVIDIA Resiliency Extension 竞争条件问题漏洞
NVIDIA Resiliency Extension is a Python package from NVIDIA. NVIDIA Resiliency Extension suffers from a Competitive Condition Issue vulnerability that stems from the presence of a competitive condition in the checkpoint kernel, which could lead to information disclosure, data tampering, denial of...
SQL Injection
LangGraph SQLite Checkpoint is vulnerable to SQL injection. The vulnerability is due to unsafe construction of SQL queries using unvalidated metadata filter keys, where attacker-controlled keys are interpolated directly into SQL f-strings in the checkpoint search logic, allowing manipulation of...
SQL Injection
langgraph-checkpoint-sqlite is vulnerable to SQL Injection. The vulnerability is due to use of direct string concatenation without proper parameterization in database queries, which allows an attacker to inject arbitrary SQL and bypass access controls...
CVE-2025-67644
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...