Lucene search
K

157 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-255 AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS7.5AI score0.0091EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-254 AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS7.4AI score0.00953EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

7.5CVSS6.6AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6603

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 a.m.15 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS0.00075EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/04 11:0 a.m.13 views

EUVD-2026-34242

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/04 11:0 a.m.9 views

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:0 a.m.7 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:0 a.m.43 views

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS0.00075EPSS
Exploits0References8
CVE
CVE
added 2026/06/04 11:0 a.m.24 views

CVE-2026-10801

CVE-2026-10801 affects modelscope ms-swift up to 4.2.0 and targets the PIL Image Cache Key Handler, specifically the function Template._save_pil_image in swift/template/base.py. The issue is a manipulation that results in the use of a weak hash, enabling a local attack. The CVE notes a high attac...

3.6CVSS5AI score0.00075EPSS
Exploits0References8
OSV
OSV
added 2026/06/04 11:0 a.m.4 views

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

2CVSS4.8AI score0.00075EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.25 views

PT-2026-46180

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

ModelScope 安全漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/27 9:40 a.m.15 views

CVE-2025-51427

A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary code by providing a specially crafted module within the configuration file deymini.yaml under the 'nnet.module' key. Successful exploitation could lead to complete system compromise...

8.1CVSS6.1AI score0.00529EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/05/20 3:35 p.m.6 views

adaseq (=0.4.0), cosmos-predict2 (>=1.0.6 <=1.0.9) +20 more potentially affected by CVE-2025-51427 via modelscope (>=1.10.0 <=1.26.0)

modelscope PYPI version =1.10.0, =1.0.6, =0.5.4, =0.1.1, =0.6.0, =1.0.0, =0.4.0, =2.4.2, =0.1.0, =0.1.2, =0.1.0, =0.5.0, =0.7.0 and more Source cves: CVE-2025-51427 Source advisory: SNYK:PYTHON-MODELSCOPE-17223769...

8.1CVSS5.4AI score0.00529EPSS
Exploits0
Snyk
Snyk
added 2026/05/20 3:35 p.m.10 views

Arbitrary Code Execution

Overview modelscope is a ModelScope: bring the notion of Model-as-a-Service to life. Affected versions of this package are vulnerable to Arbitrary Code Execution from the pipeline interface. There, a user can supply a malicious model that loads arbitrary modules via an acoustic-echo-cancellation...

8.8CVSS5.7AI score0.00529EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.7 views

adaseq (=0.4.0), cosmos-predict2 (>=1.0.6 <=1.0.9) +20 more potentially affected by CVE-2025-51427 via modelscope (>=1.10.0 <=1.26.0)

modelscope PYPI version =1.10.0, =1.0.6, =0.5.4, =0.1.1, =0.6.0, =1.0.0, =0.4.0, =2.4.2, =0.1.0, =0.1.2, =0.1.0, =0.5.0, =0.7.0 and more Source cves: CVE-2025-51427 Source advisory: OSV:GHSA-FHHQ-H4HG-549X...

8.1CVSS5.4AI score0.00529EPSS
Exploits0
Rows per page
Query Builder