Lucene search
K

5 matches found

OSV
OSV
added 2026/06/02 6:31 p.m.3 views

GHSA-M3V4-V5GX-7WF5 OpenMed vulnerable to remote code injection through privacy-filter model loading path

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.4AI score0.00915EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.11 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

9.8CVSS6.2AI score0.00915EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/01/17 12:0 a.m.6 views

The software for deploying and executing AI models, NVIDIA Triton Inference Server (previously TensorRT Inference Server), has vulnerabilities that allow attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service failures.

The vulnerability of the NVIDIA Triton Inference Server previously known as TensorRT Inference Server software for deploying and executing artificial intelligence models is related to errors in processing the relative path to the catalog during model loading. Exploiting this vulnerability can all...

7.5CVSS7.9AI score0.00853EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder