3 matches found
CVE-2026-31226
CVE-2026-31226 relates to a critical command-injection in TinyZero’s HDFS file operations utilities. The flaw stems from unsafe shell command construction and execution via os.system(), where user-controlled input (e.g., file paths) is interpolated using f-strings inside the _copy() function. An ...
CVE-2026-31254
The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...
CVE-2026-31254
The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...