13 matches found
CVE-2026-47117
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
PT-2026-45783
Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...
OpenClaw has an unspecified vulnerability (CNVD-2026-19641)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...
PT-2026-6705
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...
CVE-2025-23309
NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering...
The software for deploying and executing AI models, NVIDIA Triton Inference Server (previously TensorRT Inference Server), has vulnerabilities that allow attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service failures.
The vulnerability of the NVIDIA Triton Inference Server previously known as TensorRT Inference Server software for deploying and executing artificial intelligence models is related to errors in processing the relative path to the catalog during model loading. Exploiting this vulnerability can all...
The vulnerability of the providers.dll library in the Node.js software platform, related to HTTP request processing flaws, allows attackers to execute arbitrary code.
The vulnerability of the providers.dll library in the Node.js software platform is related to an uncontrolled search path during the loading of DLL libraries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Python code issue vulnerability (CNVD-2020-53314)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python Windows that stems from python3X.dll using an invalid search...
Malwarebytes Anti-Malware Remote Code Execution (CVE-2019-6739)
A remote code execution vulnerability exists in Malwarebytes Anti-Malware. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by enticing a us...
Cisco Webex Teams code Injection (CVE-2019-1636)
A remote code execution vulnerability exists in Cisco Webex Teams. The vulnerability is due to improper sanitation of user-supplied data which may be passed to the application as an option regarding the DLL loading path. Successful exploitation could result in code execution on the target machine...
Electronic Arts Origin Client URI Handler Remote Code Execution (CVE-2019-12828)
A remote code execution vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by...
dstat security update
0.6.6-3.1 - removed . and ./plugins from module loading path 538469...