
9 matches found

OSV
added 2026/04/28 9:34 a.m. · 8 views

GHSA-R5HP-3CGJ-J6XV Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVSS 6.1 · AI score 5.8 · EPSS 0.00105
Exploits 0 · References 3

Github Security Blog
added 2026/04/28 9:34 a.m. · 11 views

Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVSS 6.1 · AI score 5.8 · EPSS 0.00105
Exploits 0 · References 3 · Affected Software 1

Spring Security Advisories
added 2026/04/27 12:0 a.m. · 8 views

ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Only applications that use TransformersEmbeddingModel and have the cache enabled, using the default location, are affected...

CVSS 6.1 · AI score 5.9 · EPSS 0.00105
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-24154

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.00727
Exploits 1 · References 4

NVD
added 2025/08/11 4:15 p.m. · 6 views

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVSS 9.8 · EPSS 0.00727
Exploits 1 · References 4

OSV
added 2025/08/11 4:15 p.m. · 5 views

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVSS 9.8 · AI score 8.5 · EPSS 0.00727
Exploits 1 · References 4

CVE
added 2025/08/11 12:0 a.m. · 35 views

CVE-2025-45146

CVE-2025-45146 applies to ModelCache for LLM through v0.2.0, where a deserialization vulnerability in /manager/data_manager.py allows arbitrary code execution via crafted data. The CVE’s CVSSv3.1 vector yields a base score of 9.8 (CRITICAL) with network attack vector, no privileges required, and ...

CVSS 9.8 · AI score 8.5 · EPSS 0.00727
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2025/08/11 12:0 a.m. · 3 views

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

AI score 8.5 · EPSS 0.00727
Exploits 1 · References 4

Positive Technologies
added 2025/08/11 12:0 a.m. · 4 views

PT-2025-32556 · Unknown · Modelcache For Llm

Name of the Vulnerable Software and Affected Versions: ModelCache for LLM versions through 0.2.0 Description: ModelCache for LLM through version 0.2.0 contains a deserialization vulnerability in the /manager/data manager.py component. This allows attackers to execute arbitrary code by supplying...

CVSS 9.8 · AI score 7.9 · EPSS 0.00727
Exploits 1 · References 10