Lucene search
K

7 matches found

OSV
OSV
added 2026/07/01 6:35 p.m.8 views

MAL-2026-6707 Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-513 Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

9CVSS5.9AI score0.00895EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.11 views

CVE-2026-45833

A flaw was found in the ChromaDB Python project. An authenticated attacker with UPDATECOLLECTION permission could exploit a code injection vulnerability. By sending a malicious model repository to a specific API endpoint with trustremotecode enabled, the attacker can execute arbitrary code on the...

9.4CVSS6.1AI score0.00342EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:9 a.m.16 views

Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...

6.1AI score
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/01/14 6:59 p.m.13 views

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

9CVSS7.7AI score0.00895EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:59 p.m.4 views

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

9CVSS7.3AI score0.00895EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/01/14 4:0 p.m.26 views

Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

9CVSS7.2AI score0.00895EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder