Lucene search
K

93 matches found

CVE
CVE
added yesterday22 views

CVE-2026-54499

CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...

7.5CVSS6.3AI score
Exploits0References4
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Deserialization of Untrusted Data

Overview stanza is an A Python NLP Library for Many Human Languages, by the Stanford NLP Group Affected versions of this package are vulnerable to Deserialization of Untrusted Data while loading the lemma classifier due to unsafe fallback to torch.load..., weightsonly=False when the safe load...

7.7CVSS6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...

7.5CVSS6.5AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51062

Name of the Vulnerable Software and Affected Versions Stanza version 1.12.0 Description An issue exists where the software attempts to load PyTorch checkpoint files using a safe method but automatically falls back to an unsafe deserialization process when a pickle.UnpicklingError occurs. Because...

7.5CVSS6.2AI score
Exploits0References8
Circl
Circl
added 2026/06/18 7:32 p.m.7 views

CVE-2026-54499

creationtimestamp| type| source ---|---|--- 2026-06-18 19:32:55+00:00| published-proof-of-concept| https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c 2026-07-09 01:20:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hrarjta2z...

7.5CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

8.8CVSS0.0015EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.8 views

Fedora 43 : prosody (2026-36c53b9ca8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-36c53b9ca8 advisory. Prosody 13.0.5 Upstream is pleased to announce a new minor release from their stable branch. This is a security release for the Prosody 13.0.x stabl...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.12 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0001

Malware in sbrugna...

7.4CVSS7.3AI score0.0116EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-1333

Malware in sbrugna...

5CVSS4.4AI score0.02826EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0402

Malware in sbrugna...

5CVSS7.4AI score0.06242EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1017

Malware in sbrugna...

6.4CVSS6.1AI score0.02901EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8565

Malware in sbrugna...

5.8CVSS5.3AI score0.01723EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5928

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01325EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-0821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage...

6.5CVSS6.4AI score0.00795EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.15 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

9.3AI score0.00612EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.3 views

PT-2024-32298 · Mellium · Mellium.Im/Xmpp

Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 Description: The issue allows response spoofing because the stanza type is not checked. This can lead to potential system compromise. The estimated number of potentially affected devices...

9.8CVSS6.5AI score0.00612EPSS
Exploits0References10
OSV
OSV
added 2024/08/21 4:3 p.m.25 views

GO-2022-1062 Nomad Panics On Job Submission With Bad Artifact Stanza Source URL in github.com/hashicorp/nomad

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL in github.com/hashicorp/nomad...

6.5CVSS6.4AI score0.00716EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 3:11 p.m.18 views

GO-2022-0560 Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad

Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad...

6.5CVSS6.3AI score0.01396EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.2 views

SUSE CVE-2006-1329

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...

5CVSS6.8AI score0.02826EPSS
Exploits0References2
Rows per page
Query Builder