Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for pyod by yzhao062

    CVE-2026-15529 (GCVE-0-2026-15529)

    Vulnerability from nvd – Published: 2026-07-13 03:45 – Updated: 2026-07-13 03:45
    VLAI
    Title
    yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization
    Summary
    A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yzhao062 pyod Affected: 3.5.0
    Affected: 3.5.1
    Affected: 3.5.2
        cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem0000000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*"
              ],
              "product": "pyod",
              "vendor": "yzhao062",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5.0"
                },
                {
                  "status": "affected",
                  "version": "3.5.1"
                },
                {
                  "status": "affected",
                  "version": "3.5.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem0000000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T03:45:08.697Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377872 | yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377872"
            },
            {
              "name": "VDB-377872 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377872/cti"
            },
            {
              "name": "CVE-2026-15529 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15529"
            },
            {
              "name": "Submit #854559 | Yue Zhao / yzhao062 pyod 3.5.0 through 3.5.2 CWE-502: Deserialization of Untrusted Data",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854559"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/yzhao062/pyod/issues/697"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/yzhao062/pyod/pull/698"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/yzhao062/pyod/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T17:52:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15529",
        "datePublished": "2026-07-13T03:45:08.697Z",
        "dateReserved": "2026-07-12T15:47:24.318Z",
        "dateUpdated": "2026-07-13T03:45:08.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15529 (GCVE-0-2026-15529)

    Vulnerability from cvelistv5 – Published: 2026-07-13 03:45 – Updated: 2026-07-13 03:45
    VLAI
    Title
    yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization
    Summary
    A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yzhao062 pyod Affected: 3.5.0
    Affected: 3.5.1
    Affected: 3.5.2
        cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem0000000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*"
              ],
              "product": "pyod",
              "vendor": "yzhao062",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5.0"
                },
                {
                  "status": "affected",
                  "version": "3.5.1"
                },
                {
                  "status": "affected",
                  "version": "3.5.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem0000000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T03:45:08.697Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377872 | yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377872"
            },
            {
              "name": "VDB-377872 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377872/cti"
            },
            {
              "name": "CVE-2026-15529 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15529"
            },
            {
              "name": "Submit #854559 | Yue Zhao / yzhao062 pyod 3.5.0 through 3.5.2 CWE-502: Deserialization of Untrusted Data",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854559"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/yzhao062/pyod/issues/697"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/yzhao062/pyod/pull/698"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/yzhao062/pyod/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T17:52:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15529",
        "datePublished": "2026-07-13T03:45:08.697Z",
        "dateReserved": "2026-07-12T15:47:24.318Z",
        "dateUpdated": "2026-07-13T03:45:08.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }