10254 matches found
GHSA-4675-36F9-WF6R Picklescan does not block ctypes
Summary Picklescan doesnt flag ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to Load DLLs Call C functions directly Manipulate memory raw pointers. This can allow attackers to achieve RCE by invoking direct...
CVE-2025-67729
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...
CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-67729
LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...
CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...
CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...
CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
EUVD-2025-205430
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-67450
CVE-2025-67450 affects Eaton UPS Companion software due to insecure library loading in the executable. An attacker with access to the software package could perform arbitrary code execution (Local, High impact). The issue is fixed in the latest Eaton EUC version available from the Eaton download ...
CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
PT-2025-53454
Name of the Vulnerable Software and Affected Versions Eaton UPS Companion software affected versions not specified Description The Eaton UPS Companion software contains a flaw related to insecure library loading. An attacker who has access to the software package could potentially execute arbitra...
lmdeploy 代码问题漏洞
lmdeploy is an InternLM open source toolkit for compressing, deploying and servicing LLM. A code issue vulnerability exists in versions of lmdeploy prior to 0.11.1 that stems from loading model checkpoint files without using the weightsonly parameter, which could lead to an attacker executing...
CVE-2025-8769
Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server...
CVE-2025-68350
In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfatallocatebitmap The variable maxracount can be 0 in exfatallocatebitmap, which causes a divide-by-zero error in the subsequent modulo operation i % maxracount, leading to a system crash. When...
CVE-2025-68350
In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfatallocatebitmap The variable maxracount can be 0 in exfatallocatebitmap, which causes a divide-by-zero error in the subsequent modulo operation i % maxracount, leading to a system crash. When...
PT-2025-53131
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the kexec functionality related to the ELF header buffer. The issue is identified by the kmemleak detector and occurs during the elf kexec load...
CVE-2025-14498
CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...
PDFsam Enhanced 代码问题漏洞
PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A code issue vulnerability exists in PDFsam Enhanced that stems from an OpenSSL configuration that loads configuration files from insecure locations, potentially resulting in local elevation of privilege...