Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/12 7:25 p.m.8 views

Deserialization of Untrusted Data

Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the model serving process. An attacker can execute arbitrary code on the system by...

9.8CVSS6.2AI score0.00497EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 2:28 p.m.8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the GGUF model loader. An attacker can access sensitive server memory contents, including environment variables, API keys, system prompts, and concurrent users' conversation data, by submitting a specially crafted...

9.1CVSS6AI score0.01001EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.4 views

PT-2023-23589

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...

7.5CVSS7AI score0.00561EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.1 views

PT-2022-22598 · Renato · Renato

Name of the Vulnerable Software and Affected Versions: Renato version 0.17.0 Description: The issue is a cross-site scripting XSS vulnerability. This means that an attacker could potentially inject malicious scripts into the website, allowing them to steal user data or take control of the user's...

9.8CVSS5.7AI score0.01318EPSS
Exploits3References11
Rows per page
Query Builder