93 matches found
CVE-2026-54499
CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...
Deserialization of Untrusted Data
Overview stanza is an A Python NLP Library for Many Human Languages, by the Stanford NLP Group Affected versions of this package are vulnerable to Deserialization of Untrusted Data while loading the lemma classifier due to unsafe fallback to torch.load..., weightsonly=False when the safe load...
Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders
Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...
PT-2026-51062
Name of the Vulnerable Software and Affected Versions Stanza version 1.12.0 Description An issue exists where the software attempts to load PyTorch checkpoint files using a safe method but automatically falls back to an unsafe deserialization process when a pickle.UnpicklingError occurs. Because...
CVE-2026-54499
creationtimestamp| type| source ---|---|--- 2026-06-18 19:32:55+00:00| published-proof-of-concept| https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c 2026-07-09 01:20:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hrarjta2z...
CVE-2026-1784
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...
Fedora 43 : prosody (2026-36c53b9ca8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-36c53b9ca8 advisory. Prosody 13.0.5 Upstream is pleased to announce a new minor release from their stable branch. This is a security release for the Prosody 13.0.x stabl...
CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
EUVD-2019-0001
Malware in sbrugna...
EUVD-2006-1333
Malware in sbrugna...
EUVD-2014-0402
Malware in sbrugna...
EUVD-2011-1017
Malware in sbrugna...
EUVD-2015-8565
Malware in sbrugna...
EUVD-2022-5928
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage...
CVE-2024-46957
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...
PT-2024-32298 · Mellium · Mellium.Im/Xmpp
Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 Description: The issue allows response spoofing because the stanza type is not checked. This can lead to potential system compromise. The estimated number of potentially affected devices...
GO-2022-1062 Nomad Panics On Job Submission With Bad Artifact Stanza Source URL in github.com/hashicorp/nomad
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL in github.com/hashicorp/nomad...
GO-2022-0560 Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad
Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad...
SUSE CVE-2006-1329
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...