14 matches found
CVE-2026-5817
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817 Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817 Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
EUVD-2026-31493
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817
CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...
PT-2026-42830
Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...
NuGet Package 'Microsoft.ML.Tokenizers' Detection
The remote host has a 'Microsoft.ML.Tokenizers' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
CVE-2024-34359
CVE-2024-34359 affects llama-cpp-python (Python bindings for llama.cpp). The vulnerability arises when init loads a model’s chat template from the gguf metadata and constructs self.chat_handler via llama_chat_format.Jinja2ChatFormatter.to_chat_handler(), using a sandbox-less Jinja2 Environment. R...
SUSE CVE-2021-43854
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is present in...
PYSEC-2021-859
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is present in...
Cracken - A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool
Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust more on talk/. Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace's tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method...
python-pygments: ReDoS in multiple lexers
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
From Regular Expressions to AI
Three generations of attack detection methodology The oldest and well-studied approach is based on signatures and heuristics. From before the internet times, this approach was implemented in most kinds of detection systems from firewalls to anti-viruses. The second genera- tion represents an...