ZDI-25-1151: (0Day) NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1150: (0Day) Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1149: (0Day) Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1148: (0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1147: (0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1146: (0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1145: (0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1144: (0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1143: (0Day) Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required... 19/12/2025 Zero-Day Initiative
ZDI-25-1142: (0Day) Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required... 19/12/2025 Zero-Day Initiative
