Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
πŸ”₯ Daily Hot!
πŸ’ͺ🏽 CPE Enhanced Advisories
πŸ•Ά Shadow Exploits
πŸ•΅πŸΌ Vulners CPE
πŸ” Security news
πŸ’» Exploit updates
πŸ“‘ Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
πŸ€– AI High Score
πŸ“° CVE Feed
show all

53 matches found

Packet Storm News
Packet Storm Newsβ€’added 2026/06/08 12:0 a.m.β€’7 views

Model Poisoning against Federated Model Adaptation with Chain of Bit-Flips

Federated Learning FL allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poison the training...

5.5AI score
Exploits0
RedhatCVE
RedhatCVEβ€’added 2026/06/05 7:45 p.m.β€’8 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References1
NVD
NVDβ€’added 2026/06/03 2:16 p.m.β€’17 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00433EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBβ€’added 2026/06/03 12:33 p.m.β€’7 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00433EPSS
Exploits1References3
Positive Technologies
Positive Technologiesβ€’added 2026/06/03 12:0 a.m.β€’10 views

PT-2026-45946

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust remote code parameter, intended to prevent remote code execution, ...

8CVSS7.9AI score0.00433EPSS
Exploits1References4
NVD
NVDβ€’added 2026/05/24 2:16 p.m.β€’19 views

CVE-2026-4372

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS0.00479EPSS
Exploits1References2
Vulnrichment
Vulnrichmentβ€’added 2026/05/24 1:40 p.m.β€’9 views

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References2
Positive Technologies
Positive Technologiesβ€’added 2026/05/21 12:0 a.m.β€’10 views

PT-2026-42614

πŸ“‹ Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "get model arch and related helpers hardcode trust remote code=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this...

7.8CVSS6.5AI score
Exploits0References3
Snyk
Snykβ€’added 2026/05/20 3:31 p.m.β€’17 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the frompretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

7.5CVSS6.2AI score0.00048EPSS
Exploits0References2
Positive Technologies
Positive Technologiesβ€’added 2026/05/20 12:0 a.m.β€’12 views

PT-2026-42205

Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.from pretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trust remote code guard: if the...

7.5CVSS6.4AI score0.00048EPSS
Exploits0References6
PyPA
PyPAβ€’added 2026/05/14 5:16 p.m.β€’12 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
NVD
NVDβ€’added 2026/05/14 5:16 p.m.β€’34 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00685EPSS
Exploits1References1
OSV
OSVβ€’added 2026/05/14 5:16 p.m.β€’9 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00685EPSS
Exploits1References1
CVE
CVEβ€’added 2026/05/14 4:33 p.m.β€’62 views

CVE-2026-44827

Diffusers prior to 0.38.0 is vulnerable to silent remote code execution when loading pipelines from Hugging Face Hub without trust_remote_code. If custom_pipeline is not supplied, _resolve_custom_pipeline_and_cls formats None as None.py; a repository containing a None.py with a subclass of Diffus...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBβ€’added 2026/05/14 4:26 p.m.β€’6 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00685EPSS
Exploits1References2Affected Software1
EUVD
EUVDβ€’added 2026/05/14 4:26 p.m.β€’66 views

EUVD-2026-30334

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00685EPSS
Exploits1References1
Github Security Blog
Github Security Blogβ€’added 2026/05/12 6:30 p.m.β€’8 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References4Affected Software1
NVD
NVDβ€’added 2026/05/12 6:16 p.m.β€’8 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologiesβ€’added 2026/05/12 12:0 a.m.β€’10 views

PT-2026-40126

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained method uses torch.load to load the pytorch model.bin weight file without enabling the security-restrictive...

6.1AI score0.00409EPSS
Exploits0References3
CVE
CVEβ€’added 2026/05/12 12:0 a.m.β€’14 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References2
Rows per page
Query Builder