68 matches found
CVE-2025-15379
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
CVE-2026-4199
A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...
PYSEC-2026-139
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...
DEBIAN-CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...
CVE-2026-4538
CVE-2026-4538 : PyTorch 2.10.0 contains a deserialization vulnerability in an unknown function of the pt2 Loading Handler. The issue can be exploited from a local environment and the exploit is publicly available. The description notes that the problem was reported via a pull request before the v...
PT-2026-26969
Name of the Vulnerable Software and Affected Versions PyTorch version 2.10.0 Description A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The...
CVE-2026-4199
A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...
CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-4217
CVE-2026-4217 affects XREAL Nebula App up to version 3.2.1 on Android. The vulnerability resides in ai.nreal.nebula.universal’s CloudStoragePlugin.java (ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java) where manipulation of accessKey/secretAccessKey/securityToken can lead to unprotected sto...
CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection
A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...
CVE-2026-2887 aardappel lobster idents.h TypeName recursion
A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been...
CVE-2026-2869
CVE-2026-2869 affects janet-lang/janet up to 1.40.1. The exposed vulnerability is in the function janetc_varset within src/core/specials.c of the handleattr Handler, leading to an out-of-bounds read. Exploitation is local-only; the exploit is publicly available. Mitigation is upgrading to version...
Command Injection via Malicious Model Artifacts
A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and directly interpolates them into a shell command without...
Apple macOS 安全漏洞
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Logical Restriction Insufficiency vulnerability that can be exploited by an attacker to...
Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws-
Vulnerable-Flask-Web-App-with-intentional-XSS-SQLi-flaws- A de...
CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
EUVD-2017-14015
Malware in sbrugna...
EUVD-2024-20181
Malicious code in bioql PyPI...
EUVD-2025-26607
Malicious code in bioql PyPI...
CVE-2025-10998
A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The...