PT-2026-41930

Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...

modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by unknown CVE via ms-swift (>=1.3.0 <=3.10.3)

ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R54C-2XMF-2CF3...

CVE-2024-8487

A Cross-Origin Resource Sharing CORS vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized dat...

CVE-2024-8550

A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...