12 matches found
AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u472 icedtea-3.37.0: CVE-2025-53057: Fixed certificate handling leading to unauthorized creation, deletion or modification access to critical data bsc1252414 CVE-2025-53066: Fixed Path factories leading to...
CVE-2025-54415
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-53002
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
Insecure Deserialization
LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...
GHSA-F2F7-GJ54-6VPV LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
Description A critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file th...
Attacker can disable contract functionality
Lines of code Vulnerability details Impact Current setup of the protocol is vulnerable to a DoS attack. This can be achieved by anyone calling initialize on the implementation VRFNFTRandomDraw contract. With the implementation contract initialized the created clones cannot be re-initialized and...
CVE-2018-14379
Removed by vendor...