36 matches found
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
EUVD-2026-8855
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
The CVE concerns Flair’s LanguageModel class where deserialization of untrusted data in versions 0.4.1 to latest allows arbitrary code execution when loading a malicious model. The issue, with CVSSv3.1 metrics indicating HIGH severity (Local access, no user interaction, full scope and high confid...
flair 安全漏洞
Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...
PT-2026-22151
Name of the Vulnerable Software and Affected Versions Flair versions 0.4.1 through latest Description The deserialization of untrusted data in the LanguageModel class can lead to arbitrary code execution when loading a malicious model. Recommendations Versions prior to 0.4.1 are not affected. At...
EUVD-2019-6357
Malware in sbrugna...
EUVD-2019-6334
Malware in sbrugna...
EUVD-2024-3009
Malicious code in bioql PyPI...
MAL-2025-8068 Malicious code in @hopper-b2b/flair (npm)
The package @hopper-b2b/flair was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in @hopper-b2b/flair (npm)
The package @hopper-b2b/flair was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
CVE-2019-15356
The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...
CVE-2019-15333
The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to programmaticall...
flair code injection vulnerability
flair is a very simple state-of-the-art NLP framework open-sourced by flair. A code injection vulnerability exists in flair version 0.14.0, which stems from the function ClusteringModel in the file flairmodelsclustering.py that leads to code injection. No detailed vulnerability details are provid...
Flair allows arbitrary code execution
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...
CVE-2024-10073
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...
Arbitrary Code Injection
Overview flair is an A very simple framework for state-of-the-art NLP Affected versions of this package are vulnerable to Arbitrary Code Injection through the function ClusteringModel of the file flair\models\clustering.py. An attacker can execute arbitrary code by manipulating the input data to...