72 matches found
CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...
CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...
CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...
CVE-2025-34396
MailEnable
CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...
Missing Authorization
Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
EUVD-2025-31012
Malicious code in bioql PyPI...
CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution
MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...
CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...
Remote Code Execution (RCE)
llamafactory is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe loading of the vheadfile argument without the weightsonly=True safeguard, allowing attackers to exploit the Checkpoint path parameter via the WebUI to execute arbitrary code...
Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a...
Hitachi USB-CONVERTERCABLE DRIVER 安全漏洞
Hitachi USB-CONVERTERCABLE DRIVER is a driver from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi USB-CONVERTERCABLE DRIVER that originates from an unsafe loading of a dynamic link library, which could lead to local code execution or information disclosure...
PT-2024-20040
Name of the Vulnerable Software and Affected Versions LlamaHub aka llama-hub versions prior to 0.0.67 Description The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrary...
SUSE CVE-2021-37678
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...
GHSA-6H2X-4GJF-JC5W autogluon.multimodal vulnerable to unsafe YAML deserialization
Impact A potential unsafe deserialization issue exists within the autogluon.multimodal module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of untrusted data may allow an unprivileged third party to cause remote code execution, denial of service, and...
CVE-2022-31605
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...
PYSEC-2022-232
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...
Code injection
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...