7 matches found
Memory Allocation with Excessive Size Value
Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the AbstractModelReader class. An attacker can cause the application ...
EUVD-2026-0750
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
PYSEC-2025-212
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
CVE-2021-41127
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
Remote Code Execution (RCE)
PyTorch is vulnerable to Remote Command Execution RCE. The vulnerability is due to unsafe deserialization due to the use of torch.loadweightsonly=True on untrusted model files, allowing an attacker to execute arbitrary code by supplying a maliciously crafted model...
PYSEC-2024-229
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in th...