ZDI-25-1148: (0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1147: (0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1146: (0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1145: (0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1144: (0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1143: (0Day) Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required... 19/12/2025 Zero-Day Initiative
ZDI-25-1142: (0Day) Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required... 19/12/2025 Zero-Day Initiative
ZDI-25-1141: (0Day) Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... 19/12/2025 Zero-Day Initiative
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393) Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and... 19/12/2025 Qualys-Threat-Protect
ZDI-25-1139: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit... 18/12/2025 Zero-Day Initiative
