11 matches found
Hugging Face Transformers Security Vulnerability
Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Prior versions of Hugging Face Transformers, such as 5.3.0,...
EUVD-2025-25830
Malicious code in bioql PyPI...
CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
CVE-2020-15416
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...
CVE-2024-3408
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...
PT-2023-8022
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.11. Description: The vulnerability allows attackers to bypass authentication processes, enabling them to remotely execute arbitrary code. This issue is related to insufficient validation of incoming request...
PT-2023-36417 · Undefined · Undefined
A vulnerability in Microsoft PC Manager, a software tool for maintaining, cleaning, and securing Windows operating systems, is related to the possibility of bypassing authentication. Exploitation of the vulnerability may allow a remote attacker to carry out a supply chain attack and...
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible...
PT-2021-2786 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.0R3/9.1R1 and higher. Description: The issue is related to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure. This...
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters...