CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added yesterday•3 views

CVE-2026-5241

8CVSS7.9AI score

CVE•added yesterday•11 views

CVE-2026-5241

Affects huggingface/transformers (LightGlue model loading path) with vulnerability in LightGlueConfig when using AutoModel.from_pretrained() with trust_remote_code=False. Untrusted serialized config (config.json) propagates its trust_remote_code value into nested AutoConfig.from_pretrained() call...

8CVSS7.9AI score

Positive Technologies•added yesterday•4 views

PT-2026-45946

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust remote code parameter, intended to prevent remote code execution, ...

8CVSS7.9AI score

ATTACKERKB•added 2 days ago•4 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE•added 2 days ago•7 views

Exploits0References5

CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

Vulnrichment•added 2 days ago•5 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

EUVD•added 2 days ago•2 views

EUVD-2026-33942

Positive Technologies•added 2 days ago•5 views

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

9.8CVSS6.2AI score0.00236EPSS

Exploits0References7

CNNVD•added 3 days ago•4 views

AnomalyMatch security vulnerability

AnomalyMatch is a semi-supervised image anomaly detection tool open source by the European Space Agency. Versions of AnomalyMatch prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of torch.load to load model files without proper deserialization...

7.8CVSS6.2AI score0.00052EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•8 views

PT-2026-42943

Name of the Vulnerable Software and Affected Versions transformers versions prior to 5.3.0 Description A remote code execution issue exists where an attacker can craft a malicious config.json file. By setting the attn implementation internal field to a controlled HuggingFace Hub repository ID, an...

7.8CVSS7.8AI score0.00032EPSS

Exploits0References6

Vulnrichment•added 2026/05/22 7:24 p.m.•3 views

CVE-2026-5817 Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

8.8CVSS6.5AI score0.0002EPSS

Exploits1References1

Github Security Blog•added 2026/05/21 5:30 p.m.•9 views

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

6.5AI score

Exploits0References3Affected Software1

OSV•added 2026/05/21 5:30 p.m.•1 views

GHSA-M549-QQ94-FVHG LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

7.8CVSS6.5AI score

RedhatCVE•added 2026/05/12 8:21 p.m.•3 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

5.7CVSS6.1AI score0.00017EPSS

Exploits0References1

EUVD•added 2026/05/12 6:30 p.m.•6 views

EUVD-2026-29555

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

6.5AI score0.0025EPSS

NVD•added 2026/05/12 6:16 p.m.•4 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

9.8CVSS0.00513EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40116

6.3AI score0.00513EPSS

Vulnrichment•added 2026/05/12 12:0 a.m.•4 views

CVE-2026-31229

6.3AI score0.00513EPSS

CNNVD•added 2026/05/12 12:0 a.m.•4 views

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...

9.8CVSS6.2AI score0.00088EPSS