304 matches found

Source: OSV
Added: 2025/09/16 5:21 a.m. (2 views)

MAL-2025-47324 Malicious code in login-tokenizer (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware afd2c92f86a125653632d04c1a4dbd53c5277d7362e0caaff90e0f65b7a92c5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1
Source: Github Security Blog
Added: 2025/09/12 12:30 p.m. (9 views)

Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00483
Exploits: 1 | References: 5 | Affected software: 1
Source: NVD
Added: 2025/09/12 11:15 a.m. (4 views)

CVE-2025-6638

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...

CVSS: 7.5 | EPSS: 0.00483
Exploits: 1 | References: 2
Source: Vulnrichment
Added: 2025/09/12 10:46 a.m. (2 views)

CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00483
Exploits: 1 | References: 2
Source: CVE
Added: 2025/09/12 10:46 a.m. (24 views)

CVE-2025-6638

CVE-2025-6638 affects Hugging Face Transformers, specifically MarianTokenizer.remove_language_code(). The vulnerability arises from inefficient regex processing that can be triggered by crafted input patterns, causing high CPU usage and potential DoS. Affected version: 4.52.4; fixed in 4.53.0. IB...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00483
Exploits: 1 | References: 2 | Affected software: 1
Source: Positive Technologies
Added: 2025/09/12 12:00 a.m. (5 views)

PT-2025-37307

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions prior to 4.53.0. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically affecting the remove_language_code method within the...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00483
Exploits: 1 | References: 10
Source: RedhatCVE
Added: 2025/08/30 6:20 p.m. (5 views)

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS: 5.5 | AI score: 4.9 | EPSS: 0.0019
Exploits: 1 | References: 2
Source: OSV
Added: 2025/08/24 4:15 p.m. (5 views)

UBUNTU-CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.0019
Exploits: 1 | References: 7
Source: Vulnrichment
Added: 2025/08/24 4:02 p.m. (2 views)

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.0019
Exploits: 1 | References: 7
Source: CVE
Added: 2025/08/24 4:02 p.m. (27 views)

CVE-2025-9394

PoDoFo 1.1.0-dev is affected by CVE-2025-9394 in the PdfTokenizer::DetermineDataType function within PdfTokenizer.cpp (PDF Dictionary Parser). The issue enables a use-after-free condition that can be triggered by manipulating the file locally, with the exploit already published. A patch/commit to...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.0019
Exploits: 1 | References: 7 | Affected software: 1
Source: Cvelist
Added: 2025/08/24 4:02 p.m. (11 views)

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS: 5.3 | EPSS: 0.0019
Exploits: 1 | References: 7
Source: CNNVD
Added: 2025/08/24 12:00 a.m. (4 views)

PoDoFo security vulnerability

PoDoFo is a free portable C++ library open-sourced by PoDoFo. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a use-after-free in the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.0019
Exploits: 1 | References: 8
Source: Positive Technologies
Added: 2025/08/24 12:00 a.m. (6 views)

PT-2025-34570 (Podofo)

Name of the Vulnerable Software and Affected Versions: PoDoFo version 1.1.0-dev. Description: A flaw has been identified in the PDF Dictionary Parser component of PoDoFo. The issue resides within the PdfTokenizer::DetermineDataType function in the file src/podofo/main/PdfTokenizer.cpp. Manipulatio...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.0019
Exploits: 1 | References: 16
Source: Tenable Nessus
Added: 2025/08/19 12:00 a.m. (5 views)

Linux Distros Unpatched Vulnerability : CVE-2025-22872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, thi...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0045
Exploits: 0 | References: 4
Source: Snyk
Added: 2025/08/01 6:31 a.m. (3 views)

Regular Expression Denial of Service (ReDoS)

Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the sortahtmltokenizere regex used in the HTML tokenizer due to improperly constraining quoted attribute values ".?",...

CVSS: 6.9 | AI score: 6.9
Exploits: 0 | References: 3
Source: SUSE CVE
Added: 2025/06/25 1:44 p.m. (0 views)

SUSE CVE-2025-52566

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llama_vocab::tokenize (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00318
Exploits: 1 | References: 3
Source: RedhatCVE
Added: 2025/06/24 5:10 p.m. (4 views)

CVE-2025-52566

A flaw was found in the tokenizer component of llama.cpp. This vulnerability allows heap memory corruption via carefully crafted text input during tokenization, due to a signed vs. unsigned integer overflow in the llama_vocab::tokenize function. Mitigation: Mitigation for this issue is either not...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00318
Exploits: 1 | References: 2
Source: NVD
Added: 2025/06/24 4:15 a.m. (5 views)

CVE-2025-52566

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llama_vocab::tokenize (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing...

CVSS: 8.8 | EPSS: 0.00318
Exploits: 1 | References: 2
Source: OSV
Added: 2025/06/24 4:15 a.m. (2 views)

UBUNTU-CVE-2025-52566

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llama_vocab::tokenize (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00318
Exploits: 1 | References: 5
Source: CVE
Added: 2025/06/24 3:21 a.m. (39 views)

CVE-2025-52566

CVE-2025-52566 affects llama.cpp (tokenizer in llama_vocab::tokenize). Prior to version b5721, a signed vs. unsigned integer overflow enables heap overflow during tokenization, causing unintended behavior in token copying. This could enable heap-related issues during inference with crafted input....

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00318
Exploits: 1 | References: 2 | Affected software: 1