2 matches found
CVE-2026-45804 Diffusers: TOCTOU Trust Remote Code Bypass
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...
AZL-43612 CVE-2023-0778 affecting package podman 4.1.1-26
A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...