125 matches found
CVE-2026-41523
vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...
CVE-2026-45833
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
EUVD-2026-36484
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-5241
A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...
CVE-2026-47117
OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...
CVE-2026-42440
A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted binary model .bin file. This file contains an excessively large count field, which leads to an unbounded array allocation and triggers an OutOfMemoryError. Successful exploitation...
ChromaDB Python project has a pre-authentication code injection vulnerability
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
EUVD-2026-30779
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-45829
CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...
CVE-2026-44721 Open WebUI: Stored XSS via Model Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-44721 Open WebUI: Stored XSS via Model Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...
CVE-2026-31252
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...
EUVD-2026-29503
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
CVE-2026-31222
The Snorkel library prior to v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in Trainer.load(), where model checkpoints are loaded with torch.load() without weights_only=True. This allows deserialization of arbitrary Python objects via Pickle, enabling remote code execution w...
Mamba 安全漏洞
Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
PT-2026-40058
The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...