Lucene search
+L

38 matches found

euvd
euvd
added 2026/07/08 3:32 p.m.7 views

EUVD-2026-42290

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
cve
cve
added 2026/07/08 12:0 a.m.11 views

CVE-2026-24698

CVE-2026-24698 concerns an OS command injection in the Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8) devices. The vulnerability exists in the save_syslog_to_file() function of the Cisco httpd binary, where the model_name configuration parameter is not properly san...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.3AI score0.00915EPSS
Exploits0References1
osv
osv
added 2026/06/04 6:45 p.m.10 views

MINI-X64M-PC48-8M8F

Bulletin has no description...

8.8CVSS5.7AI score0.00314EPSS
Exploits0
snyk
snyk
added 2026/06/02 6:25 p.m.4 views

Arbitrary Code Injection

Overview openmed is an OpenMed delivers state-of-the-art biomedical and clinical LLMs that rival proprietary enterprise stacks, unifying model discovery, advanced extractions, and one-line orchestration. Affected versions of this package are vulnerable to Arbitrary Code Injection via the modelnam...

9.8CVSS6.3AI score0.00915EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/19 12:59 p.m.48 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS
Exploits3References4
osv
osv
added 2026/03/04 5:28 a.m.4 views

MINI-FGR2-JRMP-6VG2

Bulletin has no description...

8.6CVSS5.9AI score0.00472EPSS
Exploits0
euvd
euvd
added 2025/12/02 6:30 p.m.7 views

EUVD-2025-200290

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

7.2AI score0.01054EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/02 12:0 a.m.3 views

CVE-2025-60854

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

7.3AI score0.01054EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/02 12:0 a.m.7 views

D-Link R15 安全漏洞

D-Link R15 is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link R15 that originates from the incorrect operation of the model name parameter during a password change request in the web administrator page, which could lead to command injection...

9.8CVSS7AI score0.01054EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/02 12:0 a.m.14 views

CVE-2025-60854

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

0.01054EPSS
Exploits0References1
nvd
nvd
added 2025/09/17 10:15 p.m.7 views

CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code...

9.8CVSS0.00663EPSS
Exploits0References1
osv
osv
added 2025/09/17 10:15 p.m.4 views

CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code...

9.8CVSS6.3AI score0.00663EPSS
Exploits0References1
cve
cve
added 2025/09/17 9:58 p.m.31 views

CVE-2025-23316

CVE-2025-23316 concerns the NVIDIA Triton Inference Server (Windows and Linux) where the Python backend vulnerability allows remote code execution by manipulating the model name in model control APIs. The issue can also lead to denial of service, information disclosure, and data tampering. Public...

9.8CVSS7.6AI score0.00663EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/17 9:58 p.m.10 views

CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code...

9.8CVSS0.00663EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/09/16 12:0 a.m.10 views

PT-2025-38129

Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server versions prior to 25.08 Description: NVIDIA Triton Inference Server contains a vulnerability in the Python backend that allows for remote code execution. An attacker can exploit this by manipulating the model na...

10CVSS7.6AI score0.00663EPSS
Exploits0References12
osv
osv
added 2025/06/09 3:15 p.m.5 views

CVE-2025-5884

A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack...

5.4CVSS3.7AI score
Exploits0References4
cnnvd
cnnvd
added 2025/06/09 12:0 a.m.6 views

Konica Minolta bizhub 代码注入漏洞

The Konica Minolta bizhub is a multifunction printer from the Japanese company Konica Minolta. A code injection vulnerability exists in Konica Minolta bizhub 20250202 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter Model Name...

5.4CVSS4.7AI score0.00241EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/23 6:42 a.m.9 views

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS5.2AI score0.00442EPSS
Exploits1References1
cve
cve
added 2024/10/21 12:14 p.m.170 views

CVE-2024-47742

CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...

7.8CVSS7.9AI score0.00286EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder