Lucene search
K

252592 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 4:37 p.m.56 views

TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function

Summary A type-confusion bug in seroval ≤ 1.5.2 upstream advisory allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload. This is not an authentication bypa...

6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/14 4:33 p.m.9 views

EUVD-2026-30332

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:33 p.m.8 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/14 4:33 p.m.65 views

CVE-2026-44827

Diffusers prior to 0.38.0 is vulnerable to silent remote code execution when loading pipelines from Hugging Face Hub without trust_remote_code. If custom_pipeline is not supplied, _resolve_custom_pipeline_and_cls formats None as None.py; a repository containing a None.py with a subclass of Diffus...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 4:33 p.m.11 views

CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 4:33 p.m.38 views

CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.00562EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 4:26 p.m.67 views

EUVD-2026-30334

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 4:26 p.m.20 views

CVE-2026-44513

Diffusers 0.38.0 fixes a trust_remote_code bypass in DiffusionPipeline.from_pretrained that allowed arbitrary remote code execution when using custom_pipeline or local snapshots. Root cause: the security gate was checked inside DiffusionPipeline.download(), but some code paths bypassed download()...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/14 4:26 p.m.72 views

CVE-2026-44513 Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00865EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:26 p.m.7 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 4:26 p.m.8 views

CVE-2026-44513 Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.12 views

n8n Has an XML Node Prototype Pollution Patch Bypass

Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...

9.9CVSS5.7AI score0.00634EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/14 4:17 p.m.6 views

GHSA-WRWR-H859-XH2R n8n Has an XML Node Prototype Pollution Patch Bypass

Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...

9.4CVSS5.7AI score0.00634EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.12 views

n8n: HTTP Request Node Pagination Prototype Pollution to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches The issue has been fixed in n8n...

9.9CVSS5.8AI score0.00632EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:17 p.m.9 views

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

6AI score0.00632EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/14 4:17 p.m.6 views

GHSA-C8XV-5998-G76H n8n: HTTP Request Node Pagination Prototype Pollution to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches The issue has been fixed in n8n...

9.4CVSS5.8AI score0.00632EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/05/14 4:7 p.m.9 views

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago...

9.8CVSS7.1AI score0.36157EPSS
Exploits6
Vulnrichment
Vulnrichment
added 2026/05/14 3:11 p.m.6 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References1
CVE
CVE
added 2026/05/14 3:11 p.m.21 views

CVE-2026-42589

Gotenberg exposes an unauthenticated RCE via the /forms/pdfengines/metadata/write endpoint. The root cause is that JSON metadata keys are passed to ExifTool without validation; a newline in a key allows injection of ExifTool flags (e.g., -if), enabling arbitrary code execution as the Gotenberg pr...

9.8CVSS6AI score0.0295EPSS
In wildExploits2References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:57 p.m.16 views

FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

Summary POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2BAPIKEY is not configured — the common deployment case — Flowise executes this code inside a NodeVM sandbox...

9.9CVSS6.7AI score0.0082EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder