1127 matches found
GHSA-JXGV-6J54-WWC7 Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...
Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...
NVIDIA Megatron Bridge 代码注入漏洞
NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...
NVIDIA Megatron Bridge 代码注入漏洞
NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...
Ring Kills Flock Safety Deal After Super Bowl Ad Uproar
Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more...
CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’
US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet...
GHSA-J7X9-7J54-2V3H Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
CVE-2026-0599
CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...
Here’s the Company That Sold DHS ICE’s Notorious Face Recognition App
Immigration agents have used Mobile Fortify to scan the faces of countless people in the US—including many citizens...
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegr...
CVE-2025-46286
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
EUVD-2025-206272
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
CVE-2025-46286
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
CVE-2025-46286
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
CVE-2025-46286
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
CVE-2025-46286
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
CVE-2025-46286
CVE-2025-46286 describes a logic issue in validation within BiometricKit affecting iOS and iPadOS prior to 26.2. The issue could delay the passcode requirement after Face ID enrollment when restoring from a backup. Apple’s advisories state the fix is included in iOS 26.2 and iPadOS 26.2. Impact i...
CVE-2022-38673
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...
PT-2026-1803
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.2 iPadOS versions prior to 26.2 Description A logic issue exists related to validation. Restoring from a backup may prevent a passcode from being required immediately after Face ID enrollment. Recommendations Update to...