4 matches found
Deserialization of Untrusted Data
Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the model serving process. An attacker can execute arbitrary code on the system by...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the GGUF model loader. An attacker can access sensitive server memory contents, including environment variables, API keys, system prompts, and concurrent users' conversation data, by submitting a specially crafted...
PT-2023-23589
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...
PT-2022-22598 · Renato · Renato
Name of the Vulnerable Software and Affected Versions: Renato version 0.17.0 Description: The issue is a cross-site scripting XSS vulnerability. This means that an attacker could potentially inject malicious scripts into the website, allowing them to steal user data or take control of the user's...