CVE-2026-48797 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

MAL-2026-5568 Malicious code in forge-jsx2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9 The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a...

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...

EUVD-2026-35873

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

CVE-2026-4944

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

PT-2026-44487

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust remote code=True parameter is hardcoded in two model implementation files vllm/model executor/models/nemotron vl.py and vllm/model executor/models/kimi k25.py. This bypasses the user's explicit --trust-remote-code=False...

Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

CVE-2026-4372

CVE-2026-4372 affects HuggingFace transformers prior to 5.3.0. A malicious config.json can set _attn_implementation_internal to an attacker-controlled HuggingFace Hub repo ID. When a victim loads a model with AutoModelForCausalLM.from_pretrained(), the library downloads and executes arbitrary Pyt...

CVE-2026-4372

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

EUVD-2026-31598

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

MAL-2026-4388 Malicious code in @exocore/exocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

GHSA-M549-QQ94-FVHG LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...