2 matches found
PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.5 and prior to 2.24.2, which stems from an arbitrary file renaming vulnerability that allows authenticated...