CVE-2025-67729

LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...

CVE-2025-68942

A flaw was found in Gitea. A remote attacker could exploit a Cross-Site Scripting XSS vulnerability by injecting malicious scripts into the search input box. This occurs because the application improperly uses v-html instead of v-text for rendering user input. Successful exploitation allows for t...

EUVD-2025-205455

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load...

GHSA-9PF3-7RRR-X5JH lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-59888

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

EUVD-2025-205430

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-67450

CVE-2025-67450 affects Eaton UPS Companion software due to insecure library loading in the executable. An attacker with access to the software package could perform arbitrary code execution (Local, High impact). The issue is fixed in the latest Eaton EUC version available from the Eaton download ...

CVE-2025-59888

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-59888

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-59887

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVE-2025-68664

A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's dumps and dumpd functions. This occurs because the functions do not properly escape dictionaries containing the interna...

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

Eaton UPS Companion 安全漏洞

Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion that stems from an improperly referenced search path that could lead to the execution of arbitrary code by an attacker with file system access...

Eaton UPS Companion 安全漏洞

Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion, which stems from an insecure library load and could lead to the execution of arbitrary code by an attacker with access to the software package...

PT-2025-53453

Name of the Vulnerable Software and Affected Versions Eaton UPS Companion affected versions not specified Description A flaw exists in the Eaton UPS Companion software installer related to improper handling of quotation marks in search paths. This could allow an attacker with file system access t...

PT-2025-53604

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.11.1 Description LMDeploy is a toolkit used for compressing, deploying, and serving LLMs. A flaw exists where the torch.load function is called without the weights only=True parameter when loading model checkpoint...