86 matches found
GHSA-J7X9-7J54-2V3H Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
CVE-2026-0599
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
CVE-2026-0599
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
EUVD-2026-5137
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
CVE-2026-0599
CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...
Text Generation Inference 资源管理错误漏洞
Text Generation Inference is a Rust, Python, and gRPC server developed by Hugging Face for text generation inference. Version 3.3.6 of Text Generation Inference contains a resource management vulnerability. This vulnerability stems from the unlimited acquisition of external images during input...
PT-2026-5654
Name of the Vulnerable Software and Affected Versions huggingface/text-generation-inference version 3.3.6 huggingface/text-generation-inference versions prior to 3.3.7 Description A flaw exists in huggingface/text-generation-inference that allows unauthenticated remote attackers to cause a...
CVE-2025-12488
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12488
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12487 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12488
The CVE-2025-12488 issue affects oobabooga text-generation-webui. The vulnerability is caused by improper validation of the trust_remote_code argument in the /load endpoint, allowing an attacker to load a model with untrusted input and execute arbitrary code in the service account context. Auth i...
CVE-2025-12488 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
Text Generation Web UI 安全漏洞
Text Generation Web UI is a UI interface for native AI by oobabooga individual developers. A security vulnerability exists in Text Generation Web UI that stems from improper handling of the trustremotecode parameter in the load endpoint, which could lead to remote code execution...
Text Generation Web UI 安全漏洞
Text Generation Web UI is a UI interface for native AI by oobabooga individual developers. A security vulnerability exists in Text Generation Web UI that stems from improper handling of the trustremotecode parameter, which could lead to remote code execution...
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trustremotecode parameter provided to the load...
PT-2025-44565
Name of the Vulnerable Software and Affected Versions oobabooga text-generation-webui version 2.5 Description The software contains a remote code execution issue stemming from reliance on untrusted inputs. This allows attackers to execute arbitrary code on affected systems without authentication...
CVE-2025-3933 vulnerabilities
Vulnerabilities for packages: text-generation-inference...
CVE-2025-6921 vulnerabilities
Vulnerabilities for packages: text-generation-inference...
GHSA-RCV9-QM8P-9P6J vulnerabilities
Vulnerabilities for packages: text-generation-inference...