Lucene search
K

509 matches found

RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.8 views

CVE-2025-14930

A flaw was found in the Hugging Face Transformers library. The parsing of weights fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious GLM4 model, resulting in arbitrary code execution in the context of the...

8.8CVSS8AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.7 views

CVE-2025-14928

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...

8.8CVSS8AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.12 views

CVE-2025-14929

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious X-CLIP model, resulting in arbitrary code execution in the context o...

8.8CVSS7.9AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.11 views

CVE-2025-14927

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW-D model checkpoint, causing arbitrary code execution in the context...

8.8CVSS8AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.8 views

CVE-2025-14926

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW model checkpoint, causing arbitrary code execution in the context o...

8.8CVSS8AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.12 views

CVE-2025-14924

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious megatrongpt2 model, resulting in arbitrary code execution in the...

8.8CVSS8AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.11 views

CVE-2025-14920

A flaw was found in the Hugging Face Transformers library. The parsing of model files fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious Perceiver model or convincing a user to visit a malicious page,...

8.8CVSS7.9AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.6 views

CVE-2025-14921

A flaw was found in the Hugging Face Transformers library. The parsing of model files fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious Transformer-XL model, resulting in arbitrary code execution in the...

8.8CVSS7.9AI score0.00262EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/23 9:51 p.m.5 views

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a malicious checkpoint file that is process...

8.5CVSS8AI score0.00278EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/23 9:51 p.m.4 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14927 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14927 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564366...

7.8CVSS7AI score0.00278EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.4 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14928 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14928 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564364...

7.8CVSS7AI score0.00278EPSS
Exploits0
Snyk
Snyk
added 2025/12/23 9:50 p.m.3 views

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a malicious checkpoint file that is process...

8.5CVSS8AI score0.00278EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.4 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14921 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14921 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564365...

7.8CVSS7AI score0.00262EPSS
Exploits0
Snyk
Snyk
added 2025/12/23 9:50 p.m.5 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing process of model files. An attacker can execute arbitrary code in the context of the current user by...

8.5CVSS7.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/23 9:50 p.m.4 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the megatrongpt2 process. An attacker can achieve arbitrary code execution by tricking a user into opening a...

8.5CVSS7.9AI score0.00262EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.5 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14924 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14924 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564363...

7.8CVSS7AI score0.00262EPSS
Exploits0
Snyk
Snyk
added 2025/12/23 9:50 p.m.2 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of model files. An attacker can execute arbitrary code by tricking a user into opening a specially...

8.5CVSS7.9AI score0.00262EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.4 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3856 more potentially affected by CVE-2025-14920 via transformers (>=2.10.0 <=5.0.0rc0)

transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14920 Source advisory:...

7.8CVSS7AI score0.00262EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.4 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14929 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564275...

7.8CVSS7AI score0.00315EPSS
Exploits0
Snyk
Snyk
added 2025/12/23 9:50 p.m.6 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the parsing of checkpoints. An attacker can achieve arbitrary code execution by tricking a user into opening a...

8.5CVSS8AI score0.00315EPSS
Exploits0References2
Rows per page
Query Builder