Lucene search
K

26 matches found

OSV
OSV
added 2026/03/30 6:41 p.m.6 views

GHSA-68F8-9MHJ-H2MP OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.8 views

llama.cpp 安全漏洞

llama.cpp is a LLaMA model for inferring Meta in pure C/C++. A security vulnerability exists in llama.cpp that stems from code that can be executed remotely via server-side template injection in the model metadata...

9.6CVSS8.5AI score0.2842EPSS
Exploits1References4
OSV
OSV
added 2024/05/13 2:10 p.m.34 views

GHSA-56XG-WFCC-G829 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...

9.6CVSS9.2AI score0.2842EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/05/13 2:10 p.m.98 views

llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...

9.6CVSS7.3AI score0.2842EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/05/10 5:7 p.m.59 views

CVE-2024-34359 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...

9.6CVSS9.9AI score0.2842EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/05/10 5:7 p.m.30 views

CVE-2024-34359 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...

9.6CVSS7.9AI score0.2842EPSS
Exploits1References2
Rows per page
Query Builder