CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

Lunary 安全漏洞

lunary is lunary open source a production toolkit for LLM . An information disclosure vulnerability exists in lunary that stems from a GET /projects API endpoint exposing all project public and private API keys to users with least privileges, which can be exploited by an attacker to obtain...

Lunary 访问控制错误漏洞

lunary is lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...

Lunary Improper Access Control Vulnerability

lunary is lunary open source a production toolkit for LLM . An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...

lunary 安全漏洞

lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary. An attacker can exploit this vulnerability to obtain sensitive information...