Lucene search
K

40 matches found

OSV
OSV
added 2026/01/13 5:15 p.m.4 views

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...

6.5CVSS5.8AI score0.00306EPSS
Exploits1References3
NVD
NVD
added 2026/01/13 5:15 p.m.4 views

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...

6.5CVSS0.00306EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/13 12:0 a.m.2 views

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...

6AI score0.00306EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2381

Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description e107 CMS version 3.2.1 is affected by multiple cross-site scripting XSS issues. A reflected XSS exists in the news comment functionality, triggered when authenticated users interact with the comment form. An...

9.8CVSS5.6AI score0.00574EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Hubert Hub 安全漏洞

Hubert Hub is a digital management platform from Hubert Brazil. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from insecure permissions and could lead to an authenticated, low-privileged attacker requesting access to other user information via a specially crafted...

6.5CVSS5.8AI score0.00306EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.7 views

PT-2026-2486

Name of the Vulnerable Software and Affected Versions Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3 Description The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...

6.5CVSS5.4AI score0.00306EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Hubert Hub 安全漏洞

Hubert Hub is a digital management platform from Brazilian company Hubert. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from an arbitrary file upload in the /utils/uploadFile component, which could lead to an attacker executing arbitrary code by uploading a...

9.8CVSS6AI score0.00441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.7 views

CVE-2025-14928

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...

8.8CVSS8AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2025/12/23 9:15 p.m.5 views

CVE-2025-14928

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00278EPSS
Exploits0References1
PyPA
PyPA
added 2025/12/23 9:15 p.m.9 views

PYSEC-2025-216

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00278EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/23 9:15 p.m.8 views

PYSEC-2025-216

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2025/12/23 9:4 p.m.4 views

CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2025/12/23 9:4 p.m.16 views

CVE-2025-14928

CVE-2025-14928 – Hugging Face Transformers HuBERT convert_config code execution . A flaw in convert_config fails to validate a user-supplied string before using it to execute Python code, enabling arbitrary code execution when processing a malicious HuBERT checkpoint. Affected product: Hugging Fa...

7.8CVSS7.9AI score0.00278EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/23 9:4 p.m.12 views

CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.5AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.4 views

Hugging Face Transformers 代码注入漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code injection vulnerability exists in Hugging Face Transformers, which stems from a lack of...

7.8CVSS8AI score0.00278EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/18 12:0 a.m.5 views

(0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...

7.8CVSS7.4AI score0.00278EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52385

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists within the convert config function in Hugging Face Transformers, allowing remote attackers to execute arbitrary code on affected systems. Exploitation requires...

7.8CVSS7.9AI score0.00278EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/06/06 2:26 p.m.11 views

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

7AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/13 12:0 a.m.27 views

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

6.5AI score0.01107EPSS
Exploits0References3
OSV
OSV
added 2024/05/13 12:0 a.m.21 views

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.6AI score0.01107EPSS
Exploits0References7
Rows per page
Query Builder