Lucene search
K

10 matches found

NVD
NVD
added 2026/06/04 11:16 a.m.15 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS0.00075EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

ModelScope 安全漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/03 9:15 p.m.9 views

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

8.1CVSS5.5AI score0.0004EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.11 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 4:16 p.m.24 views

CVE-2026-7845

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 3:45 p.m.52 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS0.0014EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/05 3:45 p.m.12 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS5.1AI score0.0014EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37082

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste...

2.6CVSS5.1AI score0.0014EPSS
Exploits0References7
CVE
CVE
added 2026/03/11 10:2 p.m.49 views

CVE-2026-3961

CVE-2026-3961 affects the zyddnys manga-image-translator project up to beta-0.3. The vulnerability lies in the function to_pil_image in manga-image-translator-main/server/request_extraction.py of the Translate Endpoints, where input handling allows server-side request forgery. The issue enables r...

6.5CVSS5.5AI score0.00251EPSS
Exploits0References12
OSV
OSV
added 2026/03/11 10:2 p.m.9 views

CVE-2026-3961 zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgery

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

5.3CVSS6.2AI score0.00251EPSS
Exploits0References14
Rows per page
Query Builder