Skip to main content

Exo

2 CVEs product

Monthly

CVE-2026-14738 LOW POC PATCH Monitor

Weak hashing in exo-explore exo up to version 1.0.71 exposes the Vision Feature Cache to hash collision attacks via the `_image_cache_key` function in `src/exo/worker/engines/mlx/vision.py`. A remote, unauthenticated attacker capable of engineering the necessary collision inputs could disclose cached vision feature data, yielding a low confidentiality impact. Publicly available exploit code exists (referenced in GitHub issue #2151), though high attack complexity (AC:H) and the absence of a CISA KEV listing indicate no confirmed widespread active exploitation at time of analysis.

Information Disclosure Exo
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.2%
CVE-2022-32278 HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Weak hashing in exo-explore exo up to version 1.0.71 exposes the Vision Feature Cache to hash collision attacks via the `_image_cache_key` function in `src/exo/worker/engines/mlx/vision.py`. A remote, unauthenticated attacker capable of engineering the necessary collision inputs could disclose cached vision feature data, yielding a low confidentiality impact. Publicly available exploit code exists (referenced in GitHub issue #2151), though high attack complexity (AC:H) and the absence of a CISA KEV listing indicate no confirmed widespread active exploitation at time of analysis.

Information Disclosure Exo
NVD VulDB GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy