Lucene search
K

29 matches found

OSV
OSV
added 2 days ago6 views

PYSEC-2026-1506 Label Studio has a Path Traversal Vulnerability via image Field

Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...

8.7CVSS6.2AI score0.00708EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/24 7:30 p.m.56 views

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

6.5AI score
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/04/24 7:30 p.m.9 views

Command Injection

Overview @google/gemini-cli is a Gemini CLI Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...

9.8CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/04/24 7:30 p.m.5 views

GHSA-WPQR-6V78-JR5G Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

10CVSS6.4AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 11:30 a.m.5 views

MAL-2026-2845 Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/17 11:30 a.m.6 views

Malicious Package

Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 11:30 a.m.11 views

Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18566

Malware in sbrugna...

7.8CVSS7.6AI score0.00389EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18567

Malware in sbrugna...

7.8CVSS7.6AI score0.00389EPSS
Exploits1References2
CNVD
CNVD
added 2025/08/14 12:0 a.m.4 views

Microsoft GitHub Copilot Remote Code Execution Vulnerability

GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...

7.8CVSS8.9AI score0.02559EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.4 views

Microsoft GitHub Copilot and Visual Studio 命令注入漏洞

GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...

7.8CVSS8.8AI score0.02559EPSS
Exploits2References1
Packet Storm News
Packet Storm News
added 2025/07/22 12:0 a.m.4 views

ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-Based Advanced Driver Assistance Systems

Advanced Driver Assistance Systems ADAS significantly enhance road safety by detecting potential collisions and alerting drivers. However, their reliance on expensive sensor technologies such as LiDAR and radar limits accessibility, particularly in low- and middle-income countries. Machine...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:32 p.m.4 views

CVE-2021-31681

Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...

7.8CVSS7.8AI score0.00389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:32 p.m.11 views

CVE-2021-31680

Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file...

7.8CVSS7.8AI score0.00389EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2025/04/01 5:51 p.m.3 views

yolo-blog.com Cross Site Scripting vulnerability OBB-4041680

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2024/12/10 7:19 p.m.9 views

PYSEC-2024-154 A number of releases of ultralytics contained malicious crypto miner software.

Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI...

8.7CVSS7.3AI score
Exploits0References7
Snyk
Snyk
added 2024/12/05 10:0 p.m.5 views

Malicious Embedded Code

Overview ultralytics is an Ultralytics YOLOv8 for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification. Affected versions of this package are vulnerable to Malicious Embedded Code. These versions have been compromised to install an xmrig...

9.8CVSS7.3AI score
Exploits0References2
NVD
NVD
added 2023/07/31 2:15 p.m.26 views

CVE-2021-31680

Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file...

7.8CVSS7.9AI score0.00389EPSS
Exploits1References1
OSV
OSV
added 2023/07/31 2:15 p.m.3 views

CVE-2021-31681

Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...

7.8CVSS6.1AI score0.00389EPSS
Exploits1References1
NVD
NVD
added 2023/07/31 2:15 p.m.27 views

CVE-2021-31681

Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...

7.8CVSS7.9AI score0.00389EPSS
Exploits1References1
Rows per page
Query Builder