CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

CVE-2026-5455

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

EUVD-2021-0523

Malware in sbrugna...

EUVD-2020-19336

Malware in sbrugna...

EUVD-2025-7406

Malicious code in bioql PyPI...

EUVD-2024-41257

Malicious code in bioql PyPI...

CVE-2020-26800

A stack overflow vulnerability in Aleth Ethereum C++ client version = 1.8.0 using a specially crafted a config.json file may result in a denial of service...

CVE-2025-27787 Applio allows a DoS in restart.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service DoS in restart.py. modelname in train.py takes user input, and passes it to the stoptrain function in restart.py, which uses it construct a path to a folder with config.json. That config.json is...

CVE-2025-27787

Applio (versions 3.2.8-bugfix and earlier) is affected by a DoS when restart.py executes. The train.py model_name parameter accepts user input and passes it to stop_train in restart.py, which constructs a path to a folder containing config.json. The config.json’s process_pids list is read and all...

Arbitrary Code Execution (ACE)

Keras is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insecure deserialization, where the Model.loadmodel function processes a malicious .keras archive, allowing arbitrary Python modules and functions to be executed by modifying the config.json file...

Arbitrary Code Execution via Crafted Keras Config for Model Loading

Impact The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their...

CVE-2025-1550

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVE-2025-1550

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVE-2025-1550

CVE-2025-1550 concerns a vulnerability in Keras where the Model.load_model function can execute arbitrary code via a malicious .keras archive that alters config.json to load modules/functions with crafted arguments. The issue persists even with safe_mode enabled, enabling potential code execution...

PT-2024-31663 · Red Hat · Openshift +1

Name of the Vulnerable Software and Affected Versions: OpenShift versions 4 JBoss Fuse version 7 Description: A flaw was found in the build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build po...

Red Hat OpenShift 安全漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat USA that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift. An attacker can exploit the vulnerability to cause a denial of service by modifyin...

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...