133 matches found
CVE-2026-12480
A flaw was found in Keras. An attacker can craft a malicious model archive or weights file containing a Virtual Dataset VDS that references external files on a victim's system. When a user loads this malicious model, the external file is transparently read. This vulnerability leads to information...
CVE-2026-58116
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
CVE-2026-58116
CVE-2026-58116 affects LLaMA-Factory up to version 0.9.5. A remote code execution vulnerability exists when a malicious model path is supplied via WebUI Chat/Training interfaces; unvalidated input is passed to AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with trust_remote_code=...
PYSEC-2026-514 Rasa Allows Remote Code Execution via Remote Model Loading
Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...
CVE-2026-41523
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...
CVE-2026-41523
vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...
Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders
Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...
CVE-2026-45833
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
EUVD-2026-36484
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45833
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-5241
A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...
CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-47117
OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...
CVE-2026-42440
A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted binary model .bin file. This file contains an excessively large count field, which leads to an unbounded array allocation and triggers an OutOfMemoryError. Successful exploitation...
ChromaDB Python project has a pre-authentication code injection vulnerability
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...
EUVD-2026-30779
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...