Lucene search
K

333 matches found

EUVD
EUVD
added 2026/06/30 12:54 p.m.7 views

EUVD-2026-40311

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:54 p.m.5 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-345 Gradio allows users to access arbitrary files

Impact This vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. Patches Yes, the...

9.2CVSS7AI score0.85393EPSS
Exploits2References7
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

9.1CVSS0.00403EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 5:11 p.m.9 views

Use of Incorrectly-Resolved Name or Reference

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference through several model loading paths. An attacker can make the server load a different Hugging Face...

6.5CVSS5.5AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.6AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.4AI score0.00562EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/29 7:35 a.m.94 views

Exploit for XPath Injection in Huggingface Smolagents

🔐 Smolagents XPath Injection Simulation Framework CVE-2025-11...

5.4CVSS6AI score0.00252EPSS
Exploits2
OSV
OSV
added 2026/05/27 3:33 p.m.3 views

GHSA-7HP7-4P35-3CX2 Gradio contains a cookie injection vulnerability

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.9AI score0.0035EPSS
Exploits0References7
OSV
OSV
added 2026/05/25 10:4 a.m.13 views

MAL-2026-4823 Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/24 3:54 p.m.24 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of model configuration files, an attacker can craft a malicious config.json file...

8.5CVSS7.2AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Prior versions of Hugging Face Transformers, such as 5.3.0,...

7.8CVSS7.5AI score0.00479EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:33 a.m.9 views

Malicious code in pinno-loggers (npm)

pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:33 a.m.10 views

MAL-2026-4196 Malicious code in pinno-loggers (npm)

pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:21 a.m.13 views

MAL-2026-4197 Malicious code in pretty-logger-utils (npm)

pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:52 a.m.12 views

Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/05/20 6:43 a.m.19 views

MAL-2026-4198 Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.00562EPSS
Exploits1References1
Rows per page
Query Builder