268 matches found
CVE-2025-11844
Hugging Face Smolagents 1.20.0 has an XPath injection in search_item_ctrl_f (vision_web_browser.py) where user input is concatenated into XPath queries without sanitization, allowing attackers to modify query logic, bypass filters, and access unintended DOM elements, potentially disrupting AI web...
CVE-2025-11844 XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
Hugging Face Transformers Security Vulnerability
Hugging Face Transformers is Hugging Face's open source library for advanced natural language processing with Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 1.20.0, which stems from the search_item_ctrl_f function splicing user input directly into XPath...
EUVD-2019-1143
Malware in sbrugna...
EUVD-2013-0516
Malware in sbrugna...
EUVD-2012-4765
Malware in sbrugna...
EUVD-2020-17853
Malware in sbrugna...
EUVD-2012-4762
Malware in sbrugna...
EUVD-2016-9966
Malware in sbrugna...
EUVD-2015-5913
Malware in sbrugna...
EUVD-2022-46810
Malicious code in bioql PyPI...
EUVD-2023-30085
Malicious code in bioql PyPI...
EUVD-2024-38090
Malicious code in bioql PyPI...
EUVD-2022-27391
Malicious code in bioql PyPI...
EUVD-2022-27390
Malicious code in bioql PyPI...
EUVD-2022-4058
Malicious code in bioql PyPI...
EUVD-2023-1617
Malicious code in bioql PyPI...
CVE-2025-54251 Adobe Experience Manager | XML Injection (aka Blind XPath Injection) (CWE-91)
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access...
CVE-2025-20218 Cisco Secure Firepower Management Center Software XPATH Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could...