CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2025/12/24 6:18 p.m.•2 views

CVE-2025-14921

A flaw was found in the Hugging Face Transformers library. The parsing of model files fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious Transformer-XL model, resulting in arbitrary code execution in the...

8.8CVSS7.9AI score0.00477EPSS

Exploits0References4

CVE•added 2025/12/23 9:4 p.m.•16 views

CVE-2025-14921

CVE-2025-14921 affects Hugging Face Transformers (Transformer-XL) with a flaw in parsing Transformer-XL model files that fails to validate untrusted input, enabling deserialization of untrusted data and remote code execution. The underlying cause is insufficient validation during model-file parsi...

7.8CVSS7.9AI score0.00477EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/23 9:4 p.m.•21 views

CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS0.00477EPSS

Exploits0References1

Vulnrichment•added 2025/12/23 9:4 p.m.•1 views

CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

7.8CVSS7.3AI score0.00477EPSS

Exploits0References1

CNNVD•added 2025/12/23 12:0 a.m.•2 views

Hugging Face Transformers 代码问题漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

7.8CVSS8AI score0.00477EPSS

Exploits0References1

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52379

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists in Hugging Face Transformers due to insufficient validation of user-supplied data during the parsing of model files. This can lead to the deserialization of...

7.8CVSS7.8AI score0.00477EPSS

Exploits0References6

Zero Day Initiative•added 2025/12/18 12:0 a.m.•1 views

(0Day) Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.3AI score0.00477EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by