Lucene search
+L

26 matches found

cnnvd
cnnvd
added 2025/01/27 12:0 a.m.47 views

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in versions of vLLM prior to v0.7.0 that stems from arbitrary code execution during unpickling when torch.load loads malicious pickle data...

8.8CVSS7.3AI score0.00694EPSS
Exploits0References4
veracode
veracode
added 2024/09/16 8:25 a.m.8 views

Deserialization Of Untrusted Data

MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...

7.5CVSS7.3AI score0.00481EPSS
Exploits1References4Affected Software1
pypa
pypa
added 2024/01/23 6:15 p.m.8 views

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3CVSS6.9AI score0.00751EPSS
Exploits1References8Affected Software1
osv
osv
added 2022/05/24 10:0 p.m.4 views

GHSA-9FQ2-X9R6-WFMF Numpy Deserialization of Untrusted Data

DISPUTED An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

9.8CVSS7.5AI score0.17078EPSS
Exploits2References18
pypa
pypa
added 2018/08/28 7:29 p.m.9 views

PYSEC-2018-64

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS7.9AI score0.02391EPSS
Exploits1References3Affected Software1
osv
osv
added 2018/03/08 9:29 p.m.6 views

UBUNTU-CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS7.5AI score0.04593EPSS
Exploits1References4
Rows per page
Query Builder