Lucene search
K

8 matches found

Nuclei
Nuclei
added 2 days ago50 views

LMDeploy - Server-Side Request Forgery

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...

7.5CVSS6.2AI score0.4525EPSS
Exploits2References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-491 Apache Pyfory python is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

9.8CVSS6.2AI score0.41255EPSS
Exploits2References9
EUVD
EUVD
added 2025/10/08 12:31 a.m.7 views

EUVD-2025-31867

EUVD-2025-31867...

4.8CVSS4.2AI score0.00189EPSS
Exploits1References8
NVD
NVD
added 2025/10/01 10:15 a.m.7 views

CVE-2025-61622

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

9.8CVSS0.41255EPSS
Exploits2References2
CVE
CVE
added 2025/10/01 9:55 a.m.48 views

CVE-2025-61622

CVE-2025-61622 describes a deserialization vulnerability in Apache Pyfory (and legacy PyFury) where untrusted data can trigger a pickle.loads path during deserialization, enabling remote code execution. Affected: Pyfory versions 0.12.0–0.12.2 and legacy PyFury 0.1.0–0.10.3. The issue arises from ...

9.8CVSS7.6AI score0.41255EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/01 9:55 a.m.3 views

CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

7.6AI score0.41255EPSS
Exploits2References1
Snyk
Snyk
added 2025/09/24 1:43 p.m.2 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the msdp\preprocessing script. An attacker can execute arbitrary code and escalate privileges...

8.5CVSS8.3AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

SQL Injection

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to SQL Injection in the defaultjsonalyzer function, which may allow arbitrary file writes or denial of service by occupying database resources. An attacker who can inject SQL into...

8.3CVSS8.1AI score0.00478EPSS
Exploits1References2
Rows per page
Query Builder