Lucene search
K

102 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-54499

A flaw was found in Stanza, a Stanford NLP Python library. Stanza model loaders, such as stanza.models.common.pretrain.Pretrain.load, attempt to safely load PyTorch checkpoint files. However, if this safe load fails due to an attacker-controllable pickle.UnpicklingError, the loaders fall back to ...

7.5CVSS6.5AI score0.00317EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders...

7.5CVSS6.4AI score0.00317EPSS
Exploits1References2
NVD
NVD
added last week6 views

CVE-2026-54499

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS0.00317EPSS
Exploits1References4
Cvelist
Cvelist
added last week35 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS0.00317EPSS
Exploits1References4
CVE
CVE
added last week28 views

CVE-2026-54499

CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References4Affected Software1
OSV
OSV
added last week3 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References6
OSV
OSV
added 2026/06/19 7:35 p.m.11 views

GHSA-V5JW-96JM-7H2C Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...

7.5CVSS6.5AI score0.00317EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Deserialization of Untrusted Data

Overview stanza is an A Python NLP Library for Many Human Languages, by the Stanford NLP Group Affected versions of this package are vulnerable to Deserialization of Untrusted Data while loading the lemma classifier due to unsafe fallback to torch.load..., weightsonly=False when the safe load...

7.7CVSS6.2AI score0.00317EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.10 views

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...

7.5CVSS6.5AI score0.00317EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51062

Name of the Vulnerable Software and Affected Versions Stanza version 1.12.0 Description An issue exists where the software attempts to load PyTorch checkpoint files using a safe method but automatically falls back to an unsafe deserialization process when a pickle.UnpicklingError occurs. Because...

7.5CVSS6.2AI score0.00317EPSS
Exploits1References11
Circl
Circl
added 2026/06/18 7:32 p.m.9 views

CVE-2026-54499

creationtimestamp| type| source ---|---|--- 2026-06-18 19:32:55+00:00| published-proof-of-concept| https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c 2026-07-09 01:20:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hrarjta2z...

7.5CVSS5.9AI score0.00317EPSS
Exploits1References2
NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

8.8CVSS0.0015EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.8 views

Fedora 43 : prosody (2026-36c53b9ca8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-36c53b9ca8 advisory. Prosody 13.0.5 Upstream is pleased to announce a new minor release from their stable branch. This is a security release for the Prosody 13.0.x stabl...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.12 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1017

Malware in sbrugna...

6.4CVSS6.1AI score0.02901EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8565

Malware in sbrugna...

5.8CVSS5.3AI score0.01723EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-1333

Malware in sbrugna...

5CVSS4.4AI score0.02826EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-0402

Malware in sbrugna...

5CVSS7.4AI score0.06242EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0001

Malware in sbrugna...

7.4CVSS7.3AI score0.0116EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5928

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01325EPSS
Exploits0References4
Rows per page
Query Builder