29 matches found
PYSEC-2026-1506 Label Studio has a Path Traversal Vulnerability via image Field
Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
Command Injection
Overview @google/gemini-cli is a Gemini CLI Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...
GHSA-WPQR-6V78-JR5G Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
MAL-2026-2845 Malicious code in node-red-contrib-yolo-object-detection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious code in node-red-contrib-yolo-object-detection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...
EUVD-2021-18566
Malware in sbrugna...
EUVD-2021-18567
Malware in sbrugna...
Microsoft GitHub Copilot Remote Code Execution Vulnerability
GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...
Microsoft GitHub Copilot and Visual Studio 命令注入漏洞
GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...
ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-Based Advanced Driver Assistance Systems
Advanced Driver Assistance Systems ADAS significantly enhance road safety by detecting potential collisions and alerting drivers. However, their reliance on expensive sensor technologies such as LiDAR and radar limits accessibility, particularly in low- and middle-income countries. Machine...
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...
CVE-2021-31680
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file...
yolo-blog.com Cross Site Scripting vulnerability OBB-4041680
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PYSEC-2024-154 A number of releases of ultralytics contained malicious crypto miner software.
Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI...
Malicious Embedded Code
Overview ultralytics is an Ultralytics YOLOv8 for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification. Affected versions of this package are vulnerable to Malicious Embedded Code. These versions have been compromised to install an xmrig...
CVE-2021-31680
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file...
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...