12045 matches found

CNNVD
added 2026/05/22 12:0 a.m., 9 views

Docker Model Runner security vulnerability

Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...

8.8 CVSS, 6.2 AI score, 0.00224 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/22 12:0 a.m., 18 views

PT-2026-42819

Name of the Vulnerable Software and Affected Versions: Arm ArmNN versions prior to 2026-03-28. Description: An integer overflow exists in the TensorShape::GetNumElements function within armnn/Tensor.cpp. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without...

6.2 CVSS, 6 AI score, 0.00132 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/05/22 12:0 a.m., 15 views

PT-2026-42831

Name of the Vulnerable Software and Affected Versions: Docker Model Runner on macOS, affected versions not specified. Description: The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...

8.8 CVSS, 6.3 AI score, 0.00224 EPSS
Exploits 0, References 4
CNNVD
added 2026/05/22 12:0 a.m., 9 views

BentoML post-link vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a post-link vulnerability. This vulnerability stemmed from the fact that the bui...

5.5 CVSS, 5.8 AI score, 0.00284 EPSS
Exploits 1, References 4
CNNVD
added 2026/05/22 12:0 a.m., 10 views

Docker Model Runner security vulnerability

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trust_remote_code=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

8.8 CVSS, 6.3 AI score, 0.00224 EPSS
Exploits 1, References 2
Tenable Nessus
added 2026/05/22 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-8965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. (CVE-2026-8965) Note that Nessus relies on...

7.5 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/05/22 12:0 a.m., 16 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6 AI score, 0.00132 EPSS
Exploits 0, References 3
OSSF Malicious Packages
added 2026/05/21 10:51 p.m., 9 views

Malicious code in mathepy (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1. Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable __init__.py exposes 13 top-level functions: askllm,...

5.9 AI score
Exploits 0, References 14
OSV
added 2026/05/21 9:30 p.m., 2 views

GHSA-QRC4-49GV-MV9M LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8 CVSS, 6.1 AI score, 0.00633 EPSS
Exploits 3, References 10
EUVD
added 2026/05/21 8:34 p.m., 9 views

EUVD-2026-31345

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...

8.8 CVSS, 5.8 AI score, 0.00518 EPSS
Exploits 2, References 7
RedhatCVE
added 2026/05/21 7:25 p.m., 11 views

CVE-2026-8955

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...

8.8 CVSS, 5.7 AI score, 0.00386 EPSS
Exploits 0, References 5
Metasploit
added 2026/05/21 7:1 p.m., 231 views

Ollama Scanner

This module identifies ollama instances and enumerates the LLM models which have been loaded and are running. Module Options: msf > use auxiliary/scanner/http/ollama_info; msf auxiliary(ollama_info) > show actions ...actions...; msf auxiliary(ollama_info) > set ACTION; msf auxiliary(ollama_info) > show options ...show...

5.3 AI score
Exploits 0
Snyk
added 2026/05/21 5:56 p.m., 9 views

Improper Validation of Integrity Check Value

Overview: sagemaker-serve is a SageMaker Serve package for model serving and deployment. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the Triton inference handler. An attacker can execute arbitrary code with the SageMaker execution role's IAM...

9.1 CVSS, 6.3 AI score, 0.0039 EPSS
Exploits 0, References 2
EUVD
added 2026/05/21 5:56 p.m., 7 views

EUVD-2026-30423

Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler...

7.2 CVSS, 5.8 AI score, 0.0039 EPSS
Exploits 0, References 5
Github Security Blog
added 2026/05/21 5:56 p.m., 13 views

Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler

Summary: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...

7.2 CVSS, 6.5 AI score, 0.0039 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2026/05/21 5:56 p.m., 6 views

GHSA-RQ6V-X3J8-7QGF Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler

Summary: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...

7.2 CVSS, 6.5 AI score, 0.0039 EPSS
Exploits 0, References 6
Snyk
added 2026/05/21 5:42 p.m., 10 views

Cleartext Storage of Sensitive Information

Overview: sagemaker-serve is a SageMaker Serve package for model serving and deployment. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...

9.1 CVSS, 6.2 AI score, 0.00439 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/05/21 5:42 p.m., 13 views

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

8.5 CVSS, 6.2 AI score, 0.00439 EPSS
Exploits 0, References 6, Affected Software 1
Github Security Blog
added 2026/05/21 5:30 p.m., 15 views

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary: lmdeploy hardcodes trust_remote_code=True in multiple HuggingFace model-loading call sites. The affected code paths are in lmdeploy/archs.py and lmdeploy/utils.py. The vulnerable call sites pass trust_remote_code=True into HuggingFace Transformers APIs such as AutoConfig.from_pretrained,...

7.8 CVSS, 6.5 AI score, 0.00142 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2026/05/21 5:30 p.m., 11 views

GHSA-M549-QQ94-FVHG LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary: lmdeploy hardcodes trust_remote_code=True in multiple HuggingFace model-loading call sites. The affected code paths are in lmdeploy/archs.py and lmdeploy/utils.py. The vulnerable call sites pass trust_remote_code=True into HuggingFace Transformers APIs such as AutoConfig.from_pretrained,...

7.8 CVSS, 6.5 AI score, 0.00142 EPSS
Exploits 0, References 4