Lucene search
K

12 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.4 views

AzeoTech DAQFactory CTL File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7AI score0.00187EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/11/10 3:5 p.m.6 views

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u472 icedtea-3.37.0: CVE-2025-53057: Fixed certificate handling leading to unauthorized creation, deletion or modification access to critical data bsc1252414 CVE-2025-53066: Fixed Path factories leading to...

8.7CVSS7.1AI score0.00633EPSS
Exploits0References8
NVD
NVD
added 2025/07/26 4:16 a.m.9 views

CVE-2025-54415

dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...

10CVSS0.00631EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/26 3:33 a.m.2 views

CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration

dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...

10CVSS7.2AI score0.00631EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/26 3:33 a.m.11 views

CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration

dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...

10CVSS0.00631EPSS
Exploits0References4
OSV
OSV
added 2025/07/26 3:33 a.m.7 views

CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration

dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...

10CVSS7.9AI score0.00631EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/06/28 3:17 p.m.7 views

CVE-2025-53002

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

9.8CVSS8.7AI score0.0103EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 5:20 p.m.7 views

CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...

6.1CVSS7AI score0.00232EPSS
Exploits1References4
Veracode
Veracode
added 2025/04/29 6:55 a.m.10 views

Insecure Deserialization

LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...

7.5AI score
Exploits0
OSV
OSV
added 2025/04/23 10:21 p.m.14 views

GHSA-F2F7-GJ54-6VPV LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

Description A critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file th...

6.1CVSS8.1AI score0.00232EPSS
Exploits1References5
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

Attacker can disable contract functionality

Lines of code Vulnerability details Impact Current setup of the protocol is vulnerable to a DoS attack. This can be achieved by anyone calling initialize on the implementation VRFNFTRandomDraw contract. With the implementation contract initialized the created clones cannot be re-initialized and...

6.7AI score
Exploits0
Debian CVE
Debian CVE
added 2018/07/18 12:0 a.m.12 views

CVE-2018-14379

Removed by vendor...

8.8CVSS9.2AI score0.02179EPSS
Exploits0
Rows per page
Query Builder