
23 matches found

Packet Storm News
added 2026/01/20 12:0 a.m. · 4 views

An Empirical Study on Remote Code Execution in Machine Learning Model Hosting Ecosystems

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the flexibility of these ecosystems introduces a critical security...

AI score: 6.3
Exploits: 0
Positive Technologies
added 2025/07/21 12:0 a.m. · 3 views

PT-2025-30264 · Eslint +1 · @Eslint/Plugin-Kit +1

Name of the Vulnerable Software and Affected Versions: yt-dlp versions 2025.06.25 and below. Description: yt-dlp is a command-line audio/video downloader. A flaw exists where, on Windows, using the --exec option with the default placeholder or results in insufficient sanitization of the expanded...

CVSS: 8.3 · AI score: 8.2 · EPSS: 0.01254
Exploits: 1 · References: 12
Positive Technologies
added 2025/07/03 12:0 a.m. · 5 views

PT-2025-27804 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 multi. Description: The issue is related to a Buffer Overflow in the fromSetRouteStatic function via the list parameter. This can be exploited by sending a malformed route list parameter. Recommendations: For Tend...

CVSS: 8.1 · AI score: 6.1 · EPSS: 0.0039
Exploits: 1 · References: 4
Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17743 · Wedevs · Wedevs Appsero Helper

Name of the Vulnerable Software and Affected Versions: weDevs Appsero Helper versions n/a through 1.3.4. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS: 8.5 · AI score: 9.2 · EPSS: 0.00267
Exploits: 0 · References: 5
Exploit DB
added 2024/04/02 12:0 a.m. · 307 views

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS
Date: 2 Feb 2024
Exploit Author: Yevhenii Butenko
Vendor Homepage: https://www.sourcecodester.com
Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html
Version: 1.0...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.25877
Exploits: 4
Positive Technologies
added 2022/02/09 12:0 a.m. · 4 views

PT-2022-15508 · Sap · Sap 3D Visual Enterprise Viewer

Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9.0. Description: The issue occurs when a user opens a manipulated JPEG file format received from untrusted sources, causing the application to crash and become temporarily unavailable until restart...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.01025
Exploits: 0 · References: 4
Positive Technologies
added 2021/04/13 12:0 a.m. · 7 views

PT-2021-3879

Name of the Vulnerable Software and Affected Versions: Linux versions prior to 2.6.19-rc1 are not specified, but versions since v2.6.19-rc1 are affected. Description: The issue is related to a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the net/netfilter...

CVSS: 8.8 · AI score: 8.4 · EPSS: 0.78684
Exploits: 49 · References: 325
myhack58
added 2019/06/27 12:0 a.m. · 994 views

Zhiyuan OA A8 Getshell vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT observed that the Zhiyuan OA A8 system has a remote Getshell vulnerability that has been exploited in the wild. Zhiyuan OA A8 is a popular collaborative management software, widely used in medium and large business institutions. 0x01 Vulnerability details: Zhiyuan A8+ some versi...

AI score: 0.3
Exploits: 0
myhack58
added 2015/05/11 12:0 a.m. · 32 views

Mac 360 “MacKeeper” exposed to arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

Mac users have surely seen MacKeeper ads: it is a Mac OS system optimization tool that combines anti-virus, encryption, data backup, system clean-up and software uninstallation in one, and can be considered the 360 of the Mac. 5 December 7, Mackeeper is found that there is a serious...

AI score: 0.4
Exploits: 0
myhack58
added 2015/05/08 12:0 a.m. · 20 views

The default WordPress Theme the presence of DOM XSS (cross-site scripting) vulnerability affecting millions of users-vulnerability warning-the black bar safety net

Any WordPress plugin or theme that uses the Genericons package is likely to be affected by a DOM-based XSS vulnerability, because the default WordPress theme Twenty Fifteen and the well-known plugin Jetpack both include the vulnerable page example.html, which affects millions of users. Vulnerability causes: Any use of the genericons...

AI score: 6.3
Exploits: 0
myhack58
added 2015/04/17 12:0 a.m. · 34 views

Java exposed a remote code execution vulnerability-vulnerability warning-the black bar safety net

Following the local file inclusion (LFI) vulnerability exposed on the Java website at the beginning of the month, which allowed reading the mailboxes of more than 460 Oracle employees, Java has today been exposed to a series of security vulnerabilities; the attacker may not be authorized in the case of the victims of the Jav...

AI score: 1.5
Exploits: 0
myhack58
added 2015/04/14 12:0 a.m. · 16 views

Kaspersky: Apple iOS and the Mac system vulnerabilities can lead to remote DoS (denial of service) attacks-vulnerability warning-the black bar safety net

Kaspersky researchers found a vulnerability, Darwin Nuke, in the Darwin kernel, the open source component of the Apple OS X and iOS operating systems. The vulnerability can expose OS X 10.10 and iOS 8 devices to a remote DoS attack, damage the user equipment, and the networked enterprise network...

AI score: 1.6
Exploits: 0
myhack58
added 2015/04/06 12:0 a.m. · 421 views

PHP arbitrary file upload Vulnerability, CVE-2015-2348 analysis and use-vulnerability and early warning-the black bar safety net

Today, security researchers disclosed a medium-risk vulnerability: a PHP arbitrary file upload vulnerability, CVE-2015-2348. Typically, PHP developers check the file name suffix, file type (Content-Type), MIME type, file size, etc. to limit the malicious php script is...

AI score: 7.4
Exploits: 0
myhack58
added 2015/03/17 12:0 a.m. · 36 views

D-Link friends of the perbadanan router Exposure the remote file upload and command injection vulnerabilities-vulnerability warning-the black bar safety net

D-Link routers really do have many security problems: not long ago a remote command injection vulnerability was disclosed in its home routers, and then someone discovered two remotely exploitable vulnerabilities in their firmware. An attacker could exploit the vulnerability can remotely access th...

AI score: 3.8
Exploits: 0
myhack58
added 2014/02/26 12:0 a.m. · 18 views

doorGets CMS SQL injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability version: doorGets CMS 5.2. Vulnerability description: CVE ID: CVE-2014-1459. doorGets CMS is a content management system. Because the "positiondownid" HTTP POST parameter passed to the "/dg-admin/index.php" script is not adequately filtered, the attacker can access the management...

AI score: 0.8
Exploits: 0
myhack58
added 2014/02/18 12:0 a.m. · 19 views

Joomla! ‘index.php’ SQL injection vulnerability-vulnerability warning-the black bar safety net

SSV-ID: 61459. SSV-AppDir: Joomla vulnerability. Published: 2014-02-06. Vulnerability version: Joomla! 3.2.1. Vulnerability description: BUGTRAQ ID: 65410. Joomla! Is the United States the Open Source Matters team...

AI score: 0.4
Exploits: 0
myhack58
added 2012/12/21 12:0 a.m. · 20 views

phpwcms 'preg_replace()' multiple remote PHP code injection vulnerability-vulnerability warning-the black bar safety net

phpwcms is an open source content management system. phpwcms 1.5.4.6 and other versions contain multiple code injection vulnerabilities in their implementation; an authenticated remote attacker can use the "backend user" "admin user" "backend user" account exploit these...

AI score: 8.1
Exploits: 0
myhack58
added 2012/10/22 12:0 a.m. · 17 views

phpMyAdmin 3.5.x HTML injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability version: phpMyAdmin 3.5.x. Vulnerability description: Bugtraq ID: 55925. CVE ID: CVE-2012-5339. phpMyAdmin is a PHP-based MySQL management program. The phpMyAdmin Trigger, Procedure and Event pages do not correctly escape HTML output, use the special name creating/modifying a trigger...

AI score: 0.2
Exploits: 0
myhack58
added 2011/10/14 12:0 a.m. · 28 views

ECShop 2.7.2 /api/client/api.php blind injection vulnerability and fix-vulnerability warning-the black bar safety net

Affected version: ECShop 2.7.2. Vulnerability description: ECShop is a domestic fashion online shopping Mall system. ECShop has a blind injection vulnerability; the problem exists in the /api/client/api.php file, submit a specially crafted malicious POST request can be performed SQL...

AI score: 1.2
Exploits: 0
myhack58
added 2011/05/10 12:0 a.m. · 25 views

Z-blog 1.8 web path information disclosure vulnerability and fix-vulnerability warning-the black bar safety net

Affected version: Z-blog 1.8. Vulnerability description: Z-blog is a blog (weblog) program based on the ASP platform. The default editor used by Z-blog has a path information disclosure vulnerability. Test method:...

AI score: 6.8
Exploits: 0