155 matches found
CVE-2026-10801
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-6605
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
CVE-2026-6603
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
CVE-2026-6604
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
CVE-2026-6606
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...
mimic-kit (>=0.1.0 <=0.1.1), modelscope (>=1.9.0 <=1.9.1) +3 more potentially affected by CVE-2026-10801 via ms-swift (>=1.3.0 <=4.2.2)
ms-swift PYPI version =1.3.0, =0.1.0, =1.9.0, =1.3.0, =0.0.1, =0.1.2, =0.1.3 Source cves: CVE-2026-10801 Source advisory: SNYK:PYTHON-MSSWIFT-17152951...
CVE-2026-10801
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801
CVE-2026-10801 affects modelscope ms-swift up to 4.2.0 and targets the PIL Image Cache Key Handler, specifically the function Template._save_pil_image in swift/template/base.py. The issue is a manipulation that results in the use of a weak hash, enabling a local attack. The CVE notes a high attac...
CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
EUVD-2026-34242
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...
PT-2026-46180
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...
ModelScope 安全漏洞
ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...
CVE-2025-51427
A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary code by providing a specially crafted module within the configuration file deymini.yaml under the 'nnet.module' key. Successful exploitation could lead to complete system compromise...
adaseq (=0.4.0), cosmos-predict2 (>=1.0.6 <=1.0.9) +20 more potentially affected by CVE-2025-51427 via modelscope (>=1.10.0 <=1.26.0)
modelscope PYPI version =1.10.0, =1.0.6, =0.5.4, =0.1.1, =0.6.0, =1.0.0, =0.4.0, =2.4.2, =0.1.0, =0.1.2, =0.1.0, =0.5.0, =0.7.0 and more Source cves: CVE-2025-51427 Source advisory: SNYK:PYTHON-MODELSCOPE-17223769...
Arbitrary Code Execution
Overview modelscope is a ModelScope: bring the notion of Model-as-a-Service to life. Affected versions of this package are vulnerable to Arbitrary Code Execution from the pipeline interface. There, a user can supply a malicious model that loads arbitrary modules via an acoustic-echo-cancellation...
adaseq (=0.4.0), cosmos-predict2 (>=1.0.6 <=1.0.9) +20 more potentially affected by CVE-2025-51427 via modelscope (>=1.10.0 <=1.26.0)
modelscope PYPI version =1.10.0, =1.0.6, =0.5.4, =0.1.1, =0.6.0, =1.0.0, =0.4.0, =2.4.2, =0.1.0, =0.1.2, =0.1.0, =0.5.0, =0.7.0 and more Source cves: CVE-2025-51427 Source advisory: OSV:GHSA-FHHQ-H4HG-549X...
ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
GHSA-FHHQ-H4HG-549X ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...