Remote Code Execution
333 entries
Every Remote Code Execution entry VulnWatch has indexed, sorted by publication date.
Subscribe to this tag's RSS feed
vLLM affected by RCE via auto_map dynamic module loading during model initialization
# Summary vLLM loads Hugging Face `auto_map` dynamic modules during model resolution **without gating on `trust_remote_code`**, allowing attacker-controlled Python code in a model repo/path to execut...
PYSEC-2026-85
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The...
Picklescan Bypasses Unsafe Globals Check using pty.spawn
### Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the `pty` library...
Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i...
PYSEC-2025-218
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
PYSEC-2025-217
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on af...
PYSEC-2025-216
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hu...
PYSEC-2025-215
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hug...
PYSEC-2025-214
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Huggi...
PYSEC-2025-213
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installa...
PYSEC-2025-212
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i...
PYSEC-2025-211
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected instal...
LangChain serialization injection vulnerability enables secret extraction
## Context A serialization injection vulnerability exists in LangChain JS's `toJSON()` method (and subsequently when string-ifying objects using `JSON.stringify()`. The method did not escape objects...
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
## Summary A serialization injection vulnerability exists in LangChain's `dumps()` and `dumpd()` functions. The functions do not escape dictionaries with `'lc'` keys when serializing free-form dictio...
Langflow CORS misconfiguration enables Account Takeover and RCE
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with all...
vLLM vulnerable to remote code execution via transformers_utils/get_config
### Summary `vllm` has a critical remote code execution vector in a config class named `Nemotron_Nano_VL_Config`. When `vllm` loads a model config that contains an `auto_map` entry, the config class...
vLLM deserialization vulnerability leading to DoS and potential RCE
### Summary A memory corruption vulnerability that leading to a crash (denial-of-service) and potentially remote code execution (RCE) exists in vLLM versions 0.10.2 and later, in the Completions API e...
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow...
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
**Note:** This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve chosen to do so privately rather than opening a public...
Keras is vulnerable to Deserialization of Untrusted Data
### Arbitrary Code Execution in Keras Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted `.keras` model archive, even when `safe_mode=True`. The issue arises be...
Picklescan Bypass is Possible via File Extension Mismatch
### Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension (e.g., .bin). This occurs becaus...
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
### Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check (CRC). Instead of attempting to scan...
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
### Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for ful...
Monai: Unsafe use of Pickle deserialization may lead to RCE
>To prevent this report from being deemed inapplicable or out of scope, due to the project's unique nature (for medical applications) and widespread popularity (6k+ stars), it's important to pay atten...
MONAI: Unsafe torch usage may lead to arbitrary code execution
### Summary In ```model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)``` in monai/bundle/scripts.py , ```weights_only=True``` is loaded securely. However, insecure...