GHSA-FHHQ-H4HG-549X ModelScope is vulnerable to arbitrary code injection via a crafted module

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

ModelScope is vulnerable to arbitrary code injection via a crafted module

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

PT-2026-41930

Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

SUSE CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

CVE-2026-40960

CVE-2026-40960 : Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. When at least one mod is listed as secure.trusted_mods or secure.http_mods , a crafted mod can intercept the request for the insecure environment or HTTP API and also gain access to it. This vul...

EUVD-2019-4397

Malware in sbrugna...

CVE-2025-59042 PyInstaller has local privilege escalation vulnerability

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

SUSE CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

SUSE CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...

UBUNTU-CVE-2022-34927

MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...

Denial of service

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: Straghkov Denis,...

ONAP SDNC Operating System Command Injection Vulnerability

The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC versions prior to 4.0.0. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...

CVE-2019-12113

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...

CVE-2019-12113

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...

Design/Logic Flaw

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...

Design/Logic Flaw

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...

CVE-2019-12123

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...