CVE-2026-1839

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

Libraw 安全漏洞

Libraw is a C++ library developed by Libraw Inc. that processes RAW CRW/CR2, NEF, RAF, DNG, and other formats images. It supports various operating systems. LibRaw has a security vulnerability, which stems from an integer overflow in the uncompressedfpdngloadraw function, potentially leading to a...

IBM Verify Identity Access Authentication Bypass Vulnerability (CNVD-2026-16876)

IBM Verify Identity Access and Security Verify Access are a family of identity and access management solutions that provide user authentication and access control capabilities. An authentication bypass vulnerability exists in IBM Verify Identity Access. The vulnerability arises due to a flaw in t...

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multi-modal models, and can be used for both inference and training. There is a security vulnerability in Hugging Face...

PT-2026-30834

Name of the Vulnerable Software and Affected Versions LibRaw Commit d20315b Description A heap-based buffer overflow vulnerability exists in the x3f load huffman functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to explo...

Apache ActiveMQ 安全漏洞

Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...

PT-2026-30858

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load grammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown...

PT-2026-30832

Name of the Vulnerable Software and Affected Versions LibRaw versions Commit 0b56545 and Commit d20315b Description A heap-based buffer overflow exists in the lossless jpeg load raw functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a...

Linux Distros Unpatched Vulnerability : CVE-2026-21413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted...

LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

PT-2026-30833

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to Commit 8dc68e2 Description An integer overflow exists in the uncompressed fp dng load raw functionality of LibRaw. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a...

PT-2026-30860

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load prompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerabilit...

Libraw 安全漏洞

Libraw is a C++ library developed by Libraw Inc. that processes RAW CRW/CR2, NEF, RAF, DNG, and other formats images. It supports various operating systems. Libraw has a security vulnerability, which stems from a heap buffer overflow in the losslessjpegloadraw function, potentially leading to a...

Text Generation Web UI 路径遍历漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained a path traversal vulnerability. This vulnerability stemmed from an unauthenticated path traversal vulnerability in the loadprompt function,...

PT-2026-30857

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load preset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

PT-2026-30829

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to Commit 8dc68e2 Description An integer overflow exists in the deflate dng load raw functionality of LibRaw. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file...

Libraw 安全漏洞

Libraw is a C++ library developed by Libraw Inc. that processes RAW CRW/CR2, NEF, RAF, DNG, and other formats images. It supports various operating systems. Libraw has a security vulnerability, which stems from an integer overflow in the deflatedngloadraw function, potentially leading to a heap...