CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

195 matches found

Spring Engineering•added 2024/05/14 12:0 a.m.•16 views

This Week in Spring - May 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...

7.1AI score

Exploits0

OSV•added 2024/04/16 12:30 a.m.•24 views

GHSA-G9CJ-CFPP-4G2X gradio vulnerable to Path Traversal

An issue was discovered in gradio-app/gradio, where the /componentserver endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the moveresourcetoblockcache method of the Block class, an attacker can copy any fi...

7.5CVSS7.2AI score0.93426EPSS

Exploits3References5

NVD•added 2024/04/16 12:15 a.m.•13 views

CVE-2024-1561

7.5CVSS7.3AI score0.93426EPSS

Exploits3References3

CVE•added 2024/04/16 12:0 a.m.•123 views

CVE-2024-1561

Gradio 4.3–4.12 contains a local file read vulnerability by abusing the /component_server endpoint to invoke methods on a Component (via move_resource_to_block_cache), enabling an attacker to copy and read files on the host. Impact includes potential exposure of secrets (API keys, env vars) espec...

7.5CVSS6AI score0.93426EPSS

In wildExploits3References3Affected Software1

Github Security Blog•added 2024/04/10 6:30 p.m.•27 views

Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

9.6CVSS8.7AI score0.24427EPSS

Exploits2References4Affected Software1

OSV•added 2024/04/10 6:30 p.m.•39 views

GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability

3.4CVSS5.4AI score0.24427EPSS

Exploits2References4

OSV•added 2024/04/10 5:15 p.m.•23 views

CVE-2024-3568

9.6CVSS8.6AI score

Exploits0References2

NVD•added 2024/04/10 5:15 p.m.•16 views

CVE-2024-3568

9.6CVSS5.3AI score0.24427EPSS

Exploits2References2

Cvelist•added 2024/04/10 5:7 p.m.•21 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

3.4CVSS5.6AI score0.24427EPSS

Exploits2References2

Vulnrichment•added 2024/04/10 5:7 p.m.•20 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

3.4CVSS8.5AI score0.24427EPSS

Exploits2References2

CVE•added 2024/04/10 5:7 p.m.•103 views

CVE-2024-3568

The CVE-2024-3568 issue affects the Hugging Face Transformers library, where an unsafe deserialization in TFPreTrainedModel.load_repo_checkpoint() uses pickle.load() on data from untrusted sources, enabling remote code execution via a malicious checkpoint. Documented impact targets Transformers v...

9.6CVSS8.4AI score0.24427EPSS

Exploits2References2Affected Software1

Veracode•added 2023/12/22 6:58 a.m.•14 views

Insecure Deserialization

huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...

8.8CVSS7.6AI score0.00161EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2023/12/20 6:30 p.m.•37 views

transformers has a Deserialization of Untrusted Data vulnerability