19611 matches found
Malicious code in n11-web-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 635a6c33b57671f2fb87f2c61834328fccebe10874b03573fbacc4b04c495fb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-9880
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-9016
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
PYSEC-2025-10
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7776
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7776
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7034
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...
CVE-2024-11039
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-10096
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-7776
The CVE-2024-7776 issue affects the ONNX framework (onnx) in the download_model path, vulnerable in versions up to and including 1.16.1. The root cause is inadequate prevention of path traversal in tar files, allowing an attacker to overwrite arbitrary files in the user’s directory, with potentia...
CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7776
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039
CVE-2024-11039 affects binary-husky/gpt_academic
CVE-2024-9016
...
CVE-2024-9016
...
CVE-2024-9016
CVE-2024-9016 affects D-Tale (Man Group) for Pandas data structures, where versions