CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

The vulnerability of the tarHandler component in the Grub2 operating system’s downloader allows a hacker to bypass the secure download mechanism.

The vulnerability of the tarHandler component in the Grub2 operating system’s loader involves writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to bypass the secure loading mechanism...

The vulnerability of the JPEG file loader for Grub2 operating systems, which allows a hacker to bypass the secure loading mechanism

The vulnerability of JPEG files loaded by Grub2 operating systems is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to bypass the secure loading mechanism...

The vulnerability in the secure loading mechanism of microprogramming software for Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance (ASA) series of Cisco Secure Firewalls 3100 allows attackers to circumvent the secure loading mechanism.

The vulnerability of the secure loading mechanism for microprogramming firewalls from Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance, part of the Cisco Secure Firewall 3100 series, is related to the violation of trust boundaries. Exploiting this vulnerability allows attacker...

The vulnerability of the secure loading process for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to circumvent the secure loading mechanism.

The vulnerability of the secure loading process for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to failures in the security mechanisms. Exploiting this vulnerability can allow attackers to bypass the secure loading mechanism...

Microsoft Security Advisory: Insecure library loading could allow remote code execution

Microsoft Security Advisory: Insecure library loading could allow remote code execution INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory,...

The vulnerability of the Windows operating system, which allows a perpetrator to bypass the security mechanisms for secure downloads

The vulnerability of the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass the security mechanisms for secure loading by using administrative or physical access to install a specially crafted loader...