Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/09 11:5 p.m.36 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS0.00148EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:30 a.m.13 views

Malicious code in xy-ai-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c xy-ai-chat ships a Lit web component whose bundled main entry hardcodes two plain-HTTP endpoints on a bare IPv4 address:...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 9:13 a.m.10 views

Malicious code in @hanssoft/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f83fb38a98b69c322df069a26c495101aa35682df8f83641b00e2ce40a99bd This package is a fork of the WhatsApp library Baileys whose metadata homepage, repository, author points at the upstream @whiskeysockets/baileys,...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:27 p.m.13 views

Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:37 p.m.11 views

Malicious code in eplang (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21 The package ships epl/.aiconfig.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation epl ai, epl ge...

5.9AI score
Exploits0References4
OSV
OSV
added 2024/06/16 3:30 p.m.1 views

GHSA-WMVM-9VQV-5QPP langchain_experimental Code Execution via Python REPL access

langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...

7.8CVSS5.8AI score0.00225EPSS
Exploits0References6
Rows per page
Query Builder