
7 matches found

RedhatCVE
added 2026/06/05 7:23 p.m., 12 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

CVSS 9.8, AI score 6.6, EPSS 0.15547
Exploits 1, References 1
EUVD
added 2026/04/23 9:31 p.m., 11 views

EUVD-2026-25292

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achie...

CVSS 9.3, AI score 6.4, EPSS 0.15547
Exploits 1, References 6
Cvelist
added 2026/04/23 7:45 p.m., 91 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

CVSS 9.3, EPSS 0.15547
Exploits 1, References 5
CVE
added 2026/04/23 7:45 p.m., 27 views

CVE-2026-25874

LeRobot has an unsafe deserialization vulnerability in its async inference pipeline. pickle.loads() is used to deserialize data received over unauthenticated, TLS-less gRPC channels in both the policy server and robot client components. An unauthenticated, network-reachable attacker can achieve a...

CVSS 9.8, AI score 6.4, EPSS 0.15547
Exploits 1, References 5, Affected Software 1
Positive Technologies
added 2026/04/23 12:0 a.m., 11 views

PT-2026-34741

Name of the Vulnerable Software and Affected Versions: LeRobot versions prior to 0.6.0. Description: An unsafe deserialization issue exists in the asynchronous inference pipeline of the policy server and robot client components. The software uses the pickle.loads function to deserialize data receive...

CVSS 9.8, AI score 6.7, EPSS 0.15547
Exploits 1, References 50
SUSE CVE
added 2023/02/15 4:27 a.m., 3 views

SUSE CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

CVSS 9.8, AI score 6.6, EPSS 0.91789
Exploits 10, References 8
OSV
added 2018/10/17 12:29 p.m., 2 views

DEBIAN-CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

CVSS 9.1, AI score 6.5, EPSS 0.91789
Exploits 10, References 1