40 matches found
CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...
CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...
CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...
PT-2026-2381
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description e107 CMS version 3.2.1 is affected by multiple cross-site scripting XSS issues. A reflected XSS exists in the news comment functionality, triggered when authenticated users interact with the comment form. An...
Hubert Hub 安全漏洞
Hubert Hub is a digital management platform from Hubert Brazil. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from insecure permissions and could lead to an authenticated, low-privileged attacker requesting access to other user information via a specially crafted...
PT-2026-2486
Name of the Vulnerable Software and Affected Versions Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3 Description The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...
Hubert Hub 安全漏洞
Hubert Hub is a digital management platform from Brazilian company Hubert. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from an arbitrary file upload in the /utils/uploadFile component, which could lead to an attacker executing arbitrary code by uploading a...
CVE-2025-14928
A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...
CVE-2025-14928
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
PYSEC-2025-216
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
PYSEC-2025-216
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14928
CVE-2025-14928 – Hugging Face Transformers HuBERT convert_config code execution . A flaw in convert_config fails to validate a user-supplied string before using it to execute Python code, enabling arbitrary code execution when processing a malicious HuBERT checkpoint. Affected product: Hugging Fa...
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
Hugging Face Transformers 代码注入漏洞
Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code injection vulnerability exists in Hugging Face Transformers, which stems from a lack of...
(0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
PT-2025-52385
Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists within the convert config function in Hugging Face Transformers, allowing remote attackers to execute arbitrary code on affected systems. Exploitation requires...
s2n-tls has a potentially observable differences in RSA premaster secret handling
When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...
CVE-2024-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
CVE-2024-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...