509 matches found
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14928
CVE-2025-14928 – Hugging Face Transformers HuBERT convert_config code execution . A flaw in convert_config fails to validate a user-supplied string before using it to execute Python code, enabling arbitrary code execution when processing a malicious HuBERT checkpoint. Affected product: Hugging Fa...
CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14924
Summary: CVE-2025-14924 affects Hugging Face Transformers megatron_gpt2. The vulnerability arises during the parsing of checkpoints, where user-supplied data is not properly validated, allowing deserialization of untrusted data and resulting in arbitrary code execution in the current process. Imp...
CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability ...
CVE-2025-14920
CVE-2025-14920 affects Hugging Face Transformers Perceiver Model with a deserialization of untrusted data in model files, enabling arbitrary code execution in the context of the current user when a user opens a malicious model/file or visits a crafted page. Impact details align with multiple sour...
CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability ...
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...
CVE-2025-14926
Hugging Face Transformers SEW convert_config vulnerability (CVE-2025-14926) affects the Transformers library. The flaw is in convert_config: it does not validate a user-supplied string before using it to execute Python code, enabling arbitrary code execution in the attacker’s context when a malic...
CVE-2025-14927
The CVE-2025-14927 issue affects Hugging Face Transformers SEW-D, specifically the convert_config function. The flaw results from insufficient validation of a user-supplied string before it is used to execute Python code, enabling arbitrary code execution in the caller’s context when converting a...
CVE-2025-14927 Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14927 Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...