Lucene search
K

68 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/30 7:16 a.m.4 views

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS6.2AI score0.01994EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4199

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3CVSS5.7AI score0.00636EPSS
Exploits0References1
OSV
OSV
added 2026/03/22 5:16 a.m.10 views

PYSEC-2026-139

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.5AI score0.00239EPSS
Exploits0References5
OSV
OSV
added 2026/03/22 5:16 a.m.3 views

DEBIAN-CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.1AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/03/22 4:20 a.m.53 views

CVE-2026-4538

CVE-2026-4538 : PyTorch 2.10.0 contains a deserialization vulnerability in an unknown function of the pt2 Loading Handler. The issue can be exploited from a local environment and the exploit is publicly available. The description notes that the problem was reported via a pull request before the v...

7.8CVSS5.6AI score0.00239EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.6 views

PT-2026-26969

Name of the Vulnerable Software and Affected Versions PyTorch version 2.10.0 Description A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The...

7.8CVSS5.9AI score0.00239EPSS
Exploits0References18
NVD
NVD
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4199

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3CVSS0.00636EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/16 5:2 a.m.3 views

CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS5AI score0.00097EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 5:2 a.m.23 views

CVE-2026-4217

CVE-2026-4217 affects XREAL Nebula App up to version 3.2.1 on Android. The vulnerability resides in ai.nreal.nebula.universal’s CloudStoragePlugin.java (ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java) where manipulation of accessKey/secretAccessKey/securityToken can lead to unprotected sto...

2.5CVSS5AI score0.00097EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/16 12:2 a.m.2 views

CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3CVSS5.7AI score0.00636EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/21 9:2 p.m.26 views

CVE-2026-2887 aardappel lobster idents.h TypeName recursion

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been...

4.8CVSS0.0018EPSS
Exploits1References9
CVE
CVE
added 2026/02/21 2:32 p.m.18 views

CVE-2026-2869

CVE-2026-2869 affects janet-lang/janet up to 1.40.1. The exposed vulnerability is in the function janetc_varset within src/core/specials.c of the handleattr Handler, leading to an out-of-bounds read. Exploitation is local-only; the exploit is publicly available. Mitigation is upgrading to version...

5.5CVSS5AI score0.0018EPSS
Exploits1References8Affected Software1
Huntr
Huntr
added 2025/12/23 7:16 a.m.16 views

Command Injection via Malicious Model Artifacts

A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and directly interpolates them into a shell command without...

10CVSS6.3AI score0.01994EPSS
Exploits1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

Apple macOS 安全漏洞

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Logical Restriction Insufficiency vulnerability that can be exploited by an attacker to...

5.5CVSS6.3AI score0.00177EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/05 1:40 p.m.184 views

Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws-

Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws- A de...

7.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/08 6:2 p.m.3 views

CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

4.5CVSS5.5AI score0.00228EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-14015

Malware in sbrugna...

8.8CVSS8.8AI score0.00393EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-20181

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00609EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-26607

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00291EPSS
Exploits0References2
NVD
NVD
added 2025/09/26 3:15 a.m.6 views

CVE-2025-10998

A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The...

5.5CVSS0.00187EPSS
Exploits1References5
Rows per page
Query Builder