145 matches found
CVE-2026-10801
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801
CVE-2026-10801 affects modelscope ms-swift up to 4.2.0 and targets the PIL Image Cache Key Handler, specifically the function Template._save_pil_image in swift/template/base.py. The issue is a manipulation that results in the use of a weak hash, enabling a local attack. The CVE notes a high attac...
CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
EUVD-2026-34242
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
PT-2026-46180
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...
CVE-2025-51427
A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary code by providing a specially crafted module within the configuration file deymini.yaml under the 'nnet.module' key. Successful exploitation could lead to complete system compromise...
GHSA-FHHQ-H4HG-549X ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
ModelScope 1.25.0 is affected by CVE-2025-51427. The issue allows arbitrary code execution via a crafted module listed in the deployment’s configuration file (dey_mini.yaml) under the key ['nnet']['module']. The root cause is a unsafe module loading path in the configuration, enabling an attacker...
EUVD-2025-209897
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
PT-2026-41930
Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
ModelScope 代码注入漏洞
ModelScope is an open-source model service and inference training platform developed by ModelScope. Version 1.25.0 of ModelScope contains a code injection vulnerability. This vulnerability stems from allowing attackers to execute arbitrary code by using a specially crafted module listed under the...
EUVD-2026-23777
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...
EUVD-2026-23770
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...