1058 matches found
(0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
PT-2025-52263
Name of the Vulnerable Software and Affected Versions Vega affected versions not specified Description The software contains a flaw due to inadequate input validation within the convert function when safeMode is active and the spec variable is an array. This allows an attacker to create a special...
(0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...
CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...
CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
DEBIAN-CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...
UBUNTU-CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...
CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...
CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
CVE-2025-53618
CVE-2025-53618 affects Grassroot DICOM 3.024. An out-of-bounds read in JPEGBITSCodec::InternalCode can leak information when processing a malicious DICOM file; grayscale_convert is invoked based on the file contents. Documents do not provide a remediation or patch details. Exploitation requires a...
CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
EUVD-2025-203263
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
CVE-2025-14606 tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
CVE-2025-14606
CVE-2025-14606 affects tiny-rdm (up to version 1.2.5). The vulnerability lies in the Pickle Decoding component, specifically pickle_convert.go’s pickle.loads, enabling deserialization and a potentially remote attack. The CVE notes remote initiation, with high attack complexity and publicly disclo...
PT-2025-51115
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree o...
PT-2025-50297
Name of the Vulnerable Software and Affected Versions PipesHub versions prior to 0.1.0-beta Description PipesHub is a workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta have a missing authentication check on the POST /api/v1/record/buffer/convert...
CVE-2025-63952
A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-63953
A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
ALPINE-CVE-2025-64506
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngwriteimage8bit function when processing 8-bit images through t...