Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2025/12/10 4:7 p.m.2 views

CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5CVSS7AI score0.0015EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/10 4:7 p.m.33 views

CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5CVSS0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:11 p.m.2 views

CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

8.5CVSS7.3AI score0.00164EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:11 p.m.20 views

CVE-2025-34396

MailEnable

8.5CVSS7.3AI score0.00164EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/12/09 6:11 p.m.26 views

CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

8.5CVSS0.00164EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/02 6:32 a.m.2 views

Missing Authorization

Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...

5.4CVSS6.7AI score
Exploits0References3
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.10 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

6.9CVSS0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31012

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.01261EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2025/09/08 11:39 p.m.1 views

CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

8.8CVSS6.9AI score0.00684EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/07/15 8:40 p.m.11 views

CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.3CVSS0.00661EPSS
Exploits1References5
Veracode
Veracode
added 2025/07/01 4:31 a.m.5 views

Remote Code Execution (RCE)

llamafactory is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe loading of the vheadfile argument without the weightsonly=True safeguard, allowing attackers to exploit the Checkpoint path parameter via the WebUI to execute arbitrary code...

9.8CVSS8.4AI score0.0103EPSS
Exploits1References5Affected Software1
CERT
CERT
added 2025/04/03 12:0 a.m.20 views

Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions

Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a...

7.9AI score
Exploits0References4
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.3 views

Hitachi USB-CONVERTERCABLE DRIVER 安全漏洞

Hitachi USB-CONVERTERCABLE DRIVER is a driver from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi USB-CONVERTERCABLE DRIVER that originates from an unsafe loading of a dynamic link library, which could lead to local code execution or information disclosure...

7.3CVSS6.7AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/21 12:0 a.m.3 views

PT-2024-20040

Name of the Vulnerable Software and Affected Versions LlamaHub aka llama-hub versions prior to 0.0.67 Description The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrary...

9.8CVSS7.7AI score0.01192EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.3 views

SUSE CVE-2021-37678

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

8.8CVSS6.8AI score0.00451EPSS
Exploits1References4
OSV
OSV
added 2022/09/21 9:42 p.m.2 views

GHSA-6H2X-4GJF-JC5W autogluon.multimodal vulnerable to unsafe YAML deserialization

Impact A potential unsafe deserialization issue exists within the autogluon.multimodal module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of untrusted data may allow an unprivileged third party to cause remote code execution, denial of service, and...

7.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/01 6:15 p.m.1 views

CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...

9.8CVSS5.7AI score0.0193EPSS
Exploits0References2
PyPA
PyPA
added 2022/07/01 6:15 p.m.6 views

PYSEC-2022-232

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...

9.8CVSS7.2AI score0.0193EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/08 11:15 p.m.18 views

Code injection

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

6.8CVSS7.7AI score0.02415EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/12/08 11:15 p.m.15 views

PYSEC-2021-848

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS7.8AI score0.02415EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder