Huntr
added 2026/01/07 5:21 a.m. | 24 views

Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading

Summary: A critical arbitrary code execution vulnerability exists in HuggingFace Transformers' Trainer class. The _load_rng_state method at src/transformers/trainer.py:3059 calls torch.load without the weights_only=True parameter. While a safe_globals context manager wraps this call, it provides no...

7.8 CVSS | 6.6 AI score | 0.00349 EPSS
Exploits: 1

Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-1673

Name of the Vulnerable Software and Affected Versions: NREL BEopt version 2.8.0.0. Description: The software contains a DLL hijacking issue that enables attackers to load arbitrary libraries. This is achieved by deceiving users into opening application files from remote shares. The insecure loading ...

9.8 CVSS | 7 AI score | 0.00371 EPSS
Exploits: 1 | References: 8

CNNVD
added 2026/01/07 12:0 a.m. | 2 views

Software ARIS Security Vulnerability

Software ARIS is a business process analysis tool from Software, Germany. A security vulnerability exists in Software ARIS version 10.0.23.0.3587512, which stems from a flaw in the file upload functionality that could lead to the execution of arbitrary code...

6.8 CVSS | 7 AI score | 0.00252 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/01/07 12:0 a.m. | 3 views

Panda3D Buffer Error Vulnerability

Panda3D is a cross-platform game engine from Panda3D open source. A security vulnerability exists in Panda3D 1.10.16 and earlier versions, which stems from the use of unbounded sprintf calls in egg-mkfont, and may result in stack buffer overflow, memory corruption, or arbitrary code execution...

9.8 CVSS | 6.2 AI score | 0.00436 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-1671

Name of the Vulnerable Software and Affected Versions: devolo dLAN Cockpit version 4.3.1. Description: The software contains an unquoted service path issue in the 'DevoloNetworkService'. This allows local, non-privileged users to potentially execute arbitrary code. Exploitation involves leveraging t...

8.5 CVSS | 7.2 AI score | 0.00133 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2026/01/07 12:0 a.m. | 6 views

National Instruments LabVIEW 2022 < 2022 Q3 Patch 7 / 2023 < 2023 Q3 Patch 8 / 2024 Q3 Patch 5 / 2025 < 2025 Q3 Patch 3 Multiple Vulnerabilities

The version of National Instruments NI LabVIEW installed on the remote Windows host is affected by multiple memory corruption vulnerabilities that may result in information disclosure or arbitrary code execution, including the following: - There is an out of bounds write vulnerability in NI LabVI...

8.5 CVSS | 6.1 AI score | 0.00135 EPSS
Exploits: 0 | References: 10

OSV
added 2026/01/06 3:15 a.m. | 3 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

7.8 CVSS | 6 AI score | 0.00115 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/06 2:14 a.m. | 2 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

8.5 CVSS | 6.8 AI score | 0.00115 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/06 2:14 a.m. | 14 views

CVE-2025-12793

CVE-2025-12793 affects AsusSoftwareManagerAgent with an uncontrolled DLL loading path vulnerability. The Red Hat and CVE records corroborate a local attacker could influence the process to load a DLL from an attacker-controlled location, potentially enabling arbitrary code execution. The PT-Secur...

8.5 CVSS | 6.8 AI score | 0.00115 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2026/01/06 12:0 a.m. | 3 views

Tenda M3 /goform/exeCommand File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller (AC) from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from incorrect handling of the parameter cmdinput in the file...

9 CVSS | 6.4 AI score | 0.00632 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/01/06 12:0 a.m. | 4 views

ASUS System Control Interface Security Vulnerability

ASUS System Control Interface is a computer system control interface from Asus China. A security vulnerability exists in ASUS System Control Interface, which originates from an uncontrolled DLL load path that could lead to the execution of arbitrary code...

8.5 CVSS | 6.9 AI score | 0.00115 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/06 12:0 a.m. | 6 views

Forcepoint One DLP Client Security Vulnerability

Forcepoint One DLP Client is an endpoint data protection agent software from Forcepoint, USA. A security vulnerability exists in Forcepoint One DLP Client version 23.04.5642, which stems from a restriction on the ctypes library that can be bypassed, potentially leading to the execution of arbitra...

7.8 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits: 0 | References: 4

CNVD
added 2026/01/06 12:0 a.m. | 3 views

Tenda M3 /goform/setAdInfoDetail File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller (AC) from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. A heap buffer overflow vulnerability exists in Tenda M3; it stems from the parameter...

9 CVSS | 6.3 AI score | 0.00632 EPSS
Exploits: 1 | References: 1

CNVD
added 2026/01/06 12:0 a.m. | 4 views

Tenda M3 /goform/setAdPushInfo File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller (AC) from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from incorrect handling of the parameter mac/terminal in the...

9 CVSS | 6.3 AI score | 0.00632 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/06 12:0 a.m. | 8 views

PT-2026-1396

Name of the Vulnerable Software and Affected Versions: AsusSoftwareManagerAgent, affected versions not specified. Description: An uncontrolled DLL loading path issue exists in AsusSoftwareManagerAgent. A local attacker may be able to influence the application to load a DLL from a location controlled ...

8.5 CVSS | 7 AI score | 0.00115 EPSS
Exploits: 0 | References: 6

OSV
added 2026/01/05 10:56 p.m. | 5 views

GHSA-829Q-M3QG-PH8R Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact: Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

8.1 CVSS | 6.9 AI score | 0.00452 EPSS
Exploits: 1 | References: 3

NVD
added 2026/01/05 10:15 p.m. | 10 views

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3 CVSS | 0.00452 EPSS
Exploits: 1 | References: 1

OSV
added 2026/01/05 10:15 p.m. | 4 views

DEBIAN-CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3 CVSS | 6.1 AI score | 0.00452 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/01/05 9:22 p.m. | 25 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

8.1 CVSS | 0.00452 EPSS
Exploits: 1 | References: 1

CVE
added 2026/01/05 9:22 p.m. | 19 views

CVE-2025-65110

CVE-2025-65110 affects Vega, a visualization grammar. Prior to versions 6.1.2 and 5.6.3, if an application both attaches the Vega library and a vega.View instance to the global window (or has other safe-function gadget in the global scope) and allows user-defined Vega JSON definitions, it is at r...

9.3 CVSS | 7 AI score | 0.00452 EPSS
Exploits: 1 | References: 1 | Affected Software: 1