Lucene search
K

9919 matches found

NVD
NVD
added yesterday2 views

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS
Exploits0References1
NVD
NVD
added yesterday1 views

CVE-2025-71313

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...

Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS6.1AI score
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-20175 Cisco Finesse File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday1 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-5241

Affects huggingface/transformers (LightGlue model loading path) with vulnerability in LightGlueConfig when using AutoModel.from_pretrained() with trust_remote_code=False. Untrusted serialized config (config.json) propagates its trust_remote_code value into nested AutoConfig.from_pretrained() call...

8CVSS7.9AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-34084

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-24088

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

8.2CVSS5.8AI score0.00008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00046EPSS
Exploits0References1
EUVD
EUVD
added yesterday2 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00046EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday41 views

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

6.1CVSS6.4AI score0.26912EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday21 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6AI score0.04817EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-45946

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust remote code parameter, intended to prevent remote code execution, ...

8CVSS7.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-45986

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2021-4478

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS6.3AI score0.00013EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS0.00236EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00236EPSS
Exploits0References5
CVE
CVE
added 2 days ago6 views

CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

9.8CVSS6.5AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder