Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 2025/08/01 12:0 a.m.6 views

CVE-2025-50472

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadmodelmeta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...

8.3AI score0.01855EPSS
Exploits1References2
OSV
OSVadded 2025/06/26 2:40 p.m.4 views

CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

8.3CVSS8.2AI score0.04222EPSS
Exploits1References5
Cvelist
Cvelistadded 2025/06/26 2:40 p.m.6 views

CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

8.3CVSS0.04222EPSS
Exploits1References3
Cvelist
Cvelistadded 2024/11/21 4:53 p.m.22 views

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

7.5CVSS0.03243EPSS
Exploits1References3
OSV
OSVadded 2022/06/16 9:15 p.m.9 views

CVE-2020-25459

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

7.5CVSS6.3AI score
Exploits0References1
Schneier on Security
Schneier on Securityadded 2019/11/29 11:43 a.m.84 views

Manipulating Machine Learning Systems by Manipulating Training Data

Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract:: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...

7.4AI score
Exploits0
Rows per page
Query Builder