Lucene search
K

1127 matches found

OSV
OSV
added 2026/02/18 3:31 p.m.4 views

GHSA-JXGV-6J54-WWC7 Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

6.3CVSS6.3AI score0.00379EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.27 views

Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS5.5AI score0.00379EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

NVIDIA Megatron Bridge 代码注入漏洞

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...

7.8CVSS5.8AI score0.00197EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

NVIDIA Megatron Bridge 代码注入漏洞

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...

7.8CVSS5.9AI score0.00201EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2026/02/14 11:30 a.m.4 views

Ring Kills Flock Safety Deal After Super Bowl Ad Uproar

Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more...

5.5AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/02/11 4:32 p.m.6 views

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet...

5.5AI score
Exploits0
OSV
OSV
added 2026/02/02 12:31 p.m.5 views

GHSA-J7X9-7J54-2V3H Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS7.4AI score0.22494EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.6 views

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/02 10:36 a.m.23 views

CVE-2026-0599

CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/01/28 8:17 p.m.4 views

Here’s the Company That Sold DHS ICE’s Notorious Face Recognition App

Immigration agents have used Mobile Fortify to scan the faces of countless people in the US—including many citizens...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 7:40 a.m.10 views

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegr...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

4.3CVSS6.3AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/10 12:30 a.m.4 views

EUVD-2025-206272

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 10:15 p.m.3 views

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 10:15 p.m.6 views

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

4.3CVSS0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 9:14 p.m.3 views

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

5.9AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/09 9:14 p.m.22 views

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/01/09 9:14 p.m.19 views

CVE-2025-46286

CVE-2025-46286 describes a logic issue in validation within BiometricKit affecting iOS and iPadOS prior to 26.2. The issue could delay the passcode requirement after Face ID enrollment when restoring from a backup. Apple’s advisories state the fix is included in iOS 26.2 and iPadOS 26.2. Impact i...

4.3CVSS5.9AI score0.00169EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.5 views

CVE-2022-38673

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...

5.5CVSS6.1AI score0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.5 views

PT-2026-1803

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.2 iPadOS versions prior to 26.2 Description A logic issue exists related to validation. Restoring from a backup may prevent a passcode from being required immediately after Face ID enrollment. Recommendations Update to...

4.3CVSS6.5AI score0.00169EPSS
Exploits0References5
Rows per page
Query Builder