CVE-2026-28500

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. A security control bypass exists in the onnx.hub.load function due to improper logic in its repository trust verification. An attacker can exploit this by providing a malicious model,...

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." dot...