Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.12 views

CVE-2025-14929

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious X-CLIP model, resulting in arbitrary code execution in the context o...

8.8CVSS7.9AI score0.00315EPSS
Exploits0References4
PyPA
PyPA
added 2025/12/23 9:15 p.m.45 views

PYSEC-2025-217

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/23 9:15 p.m.4 views

CVE-2025-14929

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS6.4AI score
Exploits0References1
OSV
OSV
added 2025/12/23 9:15 p.m.7 views

PYSEC-2025-217

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.4 views

CVE-2025-14929

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:4 p.m.14 views

CVE-2025-14929

CVE-2025-14929 concerns Hugging Face Transformers (X-CLIP) checkpoint conversion. The vulnerability stems from improper validation during checkpoint parsing, enabling deserialization of untrusted data and resulting in remote code execution in the process that handles the file. Attacker interactio...

7.8CVSS7.9AI score0.00315EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/23 9:4 p.m.30 views

CVE-2025-14929 Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.3 views

Hugging Face Transformers 代码问题漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

7.8CVSS8AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52386

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists in Hugging Face Transformers related to the parsing of checkpoints, allowing remote attackers to execute arbitrary code. The issue stems from insufficient...

7.8CVSS7.9AI score0.00315EPSS
Exploits0References6
Rows per page
Query Builder