Lucene search
K

515 matches found

NVD
NVD
added 2026/06/30 1:19 p.m.11 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/30 12:54 p.m.32 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/30 12:54 p.m.7 views

EUVD-2026-40311

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:54 p.m.5 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.13 views

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

10CVSS6.1AI score0.00506EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/03 9:47 p.m.15 views

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

9.6CVSS7.6AI score0.00531EPSS
Exploits1References5
NVD
NVD
added 2026/06/03 2:16 p.m.20 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00531EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/03 12:33 p.m.9 views

CVE-2026-5241 Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00531EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:33 p.m.11 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00531EPSS
Exploits1References3
CVE
CVE
added 2026/06/03 12:33 p.m.52 views

CVE-2026-5241

Technical details (affected products, versions, fixes, or exploit specifics) are not publicly available in the provided connected documents. Monitor for updates from vendors and security advisories.

9.6CVSS7.9AI score0.00531EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/06/03 12:33 p.m.4 views

CVE-2026-5241 Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

7.7CVSS7.9AI score0.00531EPSS
Exploits1References9
EUVD
EUVD
added 2026/06/03 12:33 p.m.14 views

EUVD-2026-34084

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00531EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-45946

Name of the Vulnerable Software and Affected Versions huggingface/transformers version 5.2.0 Description A flaw in the LightGlue model loading path allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue occurs because the trust remote code...

9.6CVSS8AI score0.00531EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Version 5.2.0 of Hugging Face Transformers contains a...

9.6CVSS8.1AI score0.00531EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.11 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.4 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.3CVSS6.7AI score0.00915EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

OpenMed 代码注入漏洞

OpenMed is a medical text structuring and analysis tool developed by Maziyar Panahi. Versions of OpenMed prior to 1.5.2 contained a code injection vulnerability. This vulnerability stemmed from a remote code execution flaw in the path where the PII privacy filter model is loaded. It could allow...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 11:52 p.m.9 views

Malicious Package

Overview @t-in-one/prefilltransformersdatatoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/26 1:30 p.m.3 views

GHSA-29PF-2H5F-8G72 HuggingFace transformers vulnerable to remote code execution

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/05/24 3:54 p.m.6 views

3m (>=0.1.1 <=0.1.3), 4dpocket (>=0.1.3 <=0.1.4) +8478 more potentially affected by CVE-2026-4372 via transformers (>=5.0.0 <=5.2.0)

transformers PYPI version =5.0.0, =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =2.3.15.994, =4.0.2 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 -...

7.8CVSS7AI score0.00479EPSS
Exploits1
Rows per page
Query Builder