Lucene search
+L

57 matches found

OSV
OSV
added 2026/06/30 12:54 p.m.3 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.3CVSS6.8AI score0.00497EPSS
Exploits2References5
CVE
CVE
added 2026/06/30 12:54 p.m.26 views

CVE-2026-58116

CVE-2026-58116 affects LLaMA-Factory up to version 0.9.5. A remote code execution vulnerability exists when a malicious model path is supplied via WebUI Chat/Training interfaces; unvalidated input is passed to AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with trust_remote_code=...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/30 12:54 p.m.7 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.12 views

Model Poisoning against Federated Model Adaptation with Chain of Bit-Flips

Federated Learning FL allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poison the training...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.21 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00531EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:33 p.m.11 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00531EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.21 views

PT-2026-45946

Name of the Vulnerable Software and Affected Versions huggingface/transformers version 5.2.0 Description A flaw in the LightGlue model loading path allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue occurs because the trust remote code...

9.6CVSS8AI score0.00531EPSS
Exploits1References10
NVD
NVD
added 2026/05/24 2:16 p.m.21 views

CVE-2026-4372

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS0.00479EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/24 1:40 p.m.12 views

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References2
OSV
OSV
added 2026/05/24 1:40 p.m.3 views

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-42614

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "get model arch and related helpers hardcode trust remote code=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this...

7.8CVSS6.5AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 3:31 p.m.18 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the frompretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

7.5CVSS6.2AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42205

Name of the Vulnerable Software and Affected Versions diffusers affected versions not specified Description A race condition exists in the DiffusionPipeline.from pretrained flow when loading pipelines from the HuggingFace Hub. The process involves two separate HTTP calls: one via hf hub download ...

7.5CVSS6.5AI score0.00268EPSS
Exploits0References14
PyPA
PyPA
added 2026/05/14 5:16 p.m.23 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 5:16 p.m.11 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 5:16 p.m.38 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00865EPSS
Exploits1References4
CVE
CVE
added 2026/05/14 4:33 p.m.79 views

CVE-2026-44827

Diffusers prior to 0.38.0 is vulnerable to silent remote code execution when loading pipelines from Hugging Face Hub without trust_remote_code. If custom_pipeline is not supplied, _resolve_custom_pipeline_and_cls formats None as None.py; a repository containing a None.py with a subclass of Diffus...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/14 4:26 p.m.68 views

EUVD-2026-30334

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:26 p.m.8 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder