Lucene search
K

1128 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/09 1:57 p.m.15 views

Meta’s face-recognition code raises new concerns about smart glasses

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.16 views

On the Study of Biometric Spoofing Detection Using Deep Learning

Biometric systems are increasingly deployed in security applications; however, they remain vulnerable to spoofing attacks, in which attackers exploit counterfeit biometric data to gain unauthorized access. This research evaluates the effectiveness of state-of-the-art machine learning models,...

5.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/08 5:31 p.m.24 views

Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report

The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.6AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.4AI score0.00562EPSS
Exploits1References1
Wired Threat Level
Wired Threat Level
added 2026/06/04 5:28 p.m.16 views

Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones

Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/29 7:35 a.m.91 views

Exploit for XPath Injection in Huggingface Smolagents

🔐 Smolagents XPath Injection Simulation Framework CVE-2025-11...

5.4CVSS6AI score0.00252EPSS
Exploits2
OSV
OSV
added 2026/05/25 10:4 a.m.12 views

MAL-2026-4823 Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/24 3:54 p.m.24 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of model configuration files, an attacker can craft a malicious config.json file...

8.5CVSS7.2AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Prior versions of Hugging Face Transformers, such as 5.3.0,...

7.8CVSS7.5AI score0.00479EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:33 a.m.9 views

Malicious code in pinno-loggers (npm)

pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:33 a.m.9 views

MAL-2026-4196 Malicious code in pinno-loggers (npm)

pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:21 a.m.13 views

MAL-2026-4197 Malicious code in pretty-logger-utils (npm)

pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:52 a.m.11 views

Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/05/20 6:43 a.m.19 views

MAL-2026-4198 Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

5.9AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS7.7AI score0.0225EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in the SVG implementation in Blink, as used in Google Chrome before version 35.0.1916.114. This vulnerability allows remote attackers to cause a denial of service or potentially cause unspecified other impacts through vectors that trigger the removal of an...

7.5CVSS7.2AI score0.01667EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 5:16 p.m.12 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
Rows per page
Query Builder