CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2026/04/01 12:3 a.m.•2 views

EUVD-2024-0217

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS5.9AI score0.01221EPSS

Exploits0References10

vulnersOsv•added 2026/04/01 12:3 a.m.•3 views

geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)

torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:GHSA-GHQ9-VC6F-8QJF...

8.1CVSS5.8AI score0.01221EPSS

Exploits0

OSV•added 2026/04/01 12:3 a.m.•4 views

GHSA-GHQ9-VC6F-8QJF TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.getweight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...

8.1CVSS6.2AI score0.01221EPSS

Exploits0References9

Github Security Blog•added 2026/04/01 12:3 a.m.•9 views

TorchGeo Remote Code Execution Vulnerability

8.1CVSS6.2AI score0.01221EPSS

Exploits0References9Affected Software1

Veracode•added 2025/12/13 7:47 a.m.•7 views

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...

8.1CVSS6.3AI score0.01221EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2024/11/15 12:0 a.m.•15 views

torchgeo Python Library < 0.6.1 RCE

The version of the torchgeo Python library installed on the remote host is prior to 0.6.1. It is, therefore, affected by a remote code execution vulnerability. The usage of 'eval' in torchgeo's 'getweight' API function could allow an unauthenticated, remote attacker to execute arbitrary commands...

8.1CVSS6.8AI score0.01221EPSS

Exploits0References2

BDU FSTEC•added 2024/11/15 12:0 a.m.•4 views

The vulnerability of the Microsoft TorchGeo library for working with geospatial data, related to improper code generation management, allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft TorchGeo library for working with geospatial data is related to improper code generation management. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary code...

8.1CVSS5.9AI score0.01221EPSS

Exploits0References4Affected Software1

vulnersOsv•added 2024/11/12 6:43 p.m.•1 views

geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)

torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: SNYK:PYTHON-TORCHGEO-8370211...

8.1CVSS5.8AI score0.01221EPSS

Exploits0

Snyk•added 2024/11/12 6:43 p.m.•2 views

Arbitrary Code Injection

Overview torchgeo is a TorchGeo: datasets, samplers, transforms, and pre-trained models for geospatial data Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...

9.2CVSS8.2AI score0.01221EPSS

Exploits0References2

OSV•added 2024/11/12 6:30 p.m.•7 views

GHSA-G5VP-J278-8PJH Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ghq9-vc6f-8qjf. This link is maintained to preserve external references. Original Description TorchGeo Remote Code Execution Vulnerability...

8.1CVSS5.8AI score0.01221EPSS

Exploits0References6

Github Security Blog•added 2024/11/12 6:30 p.m.•19 views

Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability

8.1CVSS5.8AI score0.01221EPSS

Exploits0References6Affected Software1

vulnersOsv•added 2024/11/12 6:15 p.m.•1 views

geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)

torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:PYSEC-2024-204...

8.1CVSS5.8AI score0.01221EPSS

Exploits0

PyPA•added 2024/11/12 6:15 p.m.•7 views

PYSEC-2024-204

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS7.5AI score0.01221EPSS

Exploits0References3Affected Software1

NVD•added 2024/11/12 6:15 p.m.•39 views

CVE-2024-49048

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS0.01221EPSS

Exploits0References1

OSV•added 2024/11/12 6:15 p.m.•7 views

PYSEC-2024-204

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS7.9AI score0.01221EPSS

Exploits0References3

OSV•added 2024/11/12 6:15 p.m.•17 views

CVE-2024-49048

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS7.4AI score0.01221EPSS

Exploits0References1

Cvelist•added 2024/11/12 5:54 p.m.•40 views

CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability

...

8.1CVSS0.01221EPSS

Exploits0References1

CVE•added 2024/11/12 5:54 p.m.•73 views

CVE-2024-49048

CVE-2024-49048 affects the TorchGeo Python library: versions prior to 0.6.1 are vulnerable to remote code execution because the get_weight() API uses eval(), enabling an unauthenticated remote attacker to run arbitrary commands. The Nessus entry corroborates this RCE claim for

8.1CVSS8.3AI score0.01221EPSS

Exploits0References1Affected Software1