CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS

Exploits0References2

Cvelist•added 6 days ago•15 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

8.8CVSS0.00384EPSS

Exploits0References2

EUVD•added 6 days ago•7 views

EUVD-2025-210269

8.8CVSS6AI score0.00384EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:23 p.m.•9 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS6.6AI score0.15547EPSS

Exploits1References1

CNNVD•added 2026/06/01 12:0 a.m.•7 views

aiter 代码问题漏洞

aiter is a high-performance AI operator library open source by AMD ROCm™ Software, providing optimized GPU cores for inference and training. Versions of aiter prior to 0.1.14 contain code vulnerabilities. These vulnerabilities stem from unauthenticated remote code execution in the MessageQueue.re...

9.8CVSS6.7AI score0.00735EPSS

Exploits1References3

CNNVD•added 2026/05/14 12:0 a.m.•7 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

7.2CVSS6AI score0.0039EPSS

Exploits0References2

NVD•added 2026/05/12 6:16 p.m.•6 views

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

8.8CVSS0.00458EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40119

6.5AI score0.00458EPSS

Exploits0References3

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Horovod 安全漏洞

Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...

9.8CVSS6.2AI score0.00687EPSS

Exploits0References2

CNNVD•added 2026/05/12 12:0 a.m.•6 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability arises from the model loading process, where the .pt files in the user-specified directory are loaded using torch.load, without enabling...

8.8CVSS6.1AI score0.00458EPSS

Exploits0References2

Github Security Blog•added 2026/05/10 3:31 p.m.•6 views

Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter

8.8CVSS6.7AI score0.00927EPSS

Exploits1References8Affected Software1

OSV•added 2026/05/10 3:31 p.m.•5 views

GHSA-444R-2WHX-3685 Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter

8.8CVSS6.7AI score0.00927EPSS

Exploits1References8

OSV•added 2026/05/10 1:16 p.m.•4 views

PYSEC-2026-131

8.8CVSS6.7AI score0.00927EPSS

Exploits1References4

NVD•added 2026/05/10 1:16 p.m.•8 views

CVE-2021-47935

8.8CVSS0.00927EPSS

Exploits1References3

ATTACKERKB•added 2026/05/10 12:43 p.m.•5 views

CVE-2021-47935

8.8CVSS6.7AI score0.00927EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/05/10 12:0 a.m.•10 views

PT-2026-39510

8.8CVSS6.7AI score0.00927EPSS

Exploits1References4

CNNVD•added 2026/05/10 12:0 a.m.•8 views

Sentry 代码注入漏洞

Sentry is an open-source error tracking and performance monitoring platform for developers. Version Sentry 8.2.0 contains a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated superusers to execute arbitrary commands by injecting...

8.8CVSS6.7AI score0.00927EPSS

Exploits1References1

ATTACKERKB•added 2026/04/23 7:45 p.m.•3 views

CVE-2026-25874

9.3CVSS6.4AI score0.15547EPSS

Exploits1References6

CVE•added 2026/04/23 7:45 p.m.•14 views

CVE-2026-25874

LeRobot has an unsafe deserialization vulnerability in its async inference pipeline. pickle.loads() is used to deserialize data received over unauthenticated, TLS-less gRPC channels in both the policy server and robot client components. An unauthenticated, network-reachable attacker can achieve a...

9.8CVSS6.4AI score0.15547EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by