CVE-2026-5473 NASA cFS Pickle pickle.load deserialization
A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...
Arbitrary Code Execution
transformers is vulnerable to Arbitrary Code Execution. This vulnerability is due to the deserialization of untrusted data within the load_repo_checkpoint function in the TFPreTrainedModel class, where attackers can exploit the use of pickle.load on data from potentially untrusted sources to execut...
Transformers Deserialization of Untrusted Data vulnerability
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
Deserialization Of Untrusted Data
huggingface/transformers is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the implementation of TransfoXLTokenizer, which automatically loads the vocab.pkl file from the remote repository using the risky pickle.load function without any restrictions. This issue can ...
Python 3.4.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.7, 3.7.x < 3.7.1 Python Issue (bpo-34656) - Linux
Python is prone to a denial of service (DoS) vulnerability in the...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript ≤ 0.12.0 is affected by insecure deserialization via pickle.load() in settings.py, enabling remote code execution through a crafted settings.pickle inside a project file. The vendor notes the product is not intended for untrusted project files. Exploitation details, affected components...
Plex Unpickle Dict Windows Remote Code Execution Exploit
This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows-only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will b...
Denial Of Service (DoS)
numpy is vulnerable to denial of service (DoS). The invocation of pickle.load on pickled void objects results in a crash. Note that an attacker could potentially obtain arbitrary code execution from the resulting segmentation fault...
conference-scheduler-cli Arbitrary Code Execution
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
GHSA-CF3C-FFFP-34QH conference-scheduler-cli Arbitrary Code Execution
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Code injection in rope
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...
CVE-2014-3539
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...