CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/11 5:16 p.m.•8 views

CVE-2026-31253

7.3CVSS0.00047EPSS

NVD•added 2026/05/11 5:16 p.m.•6 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

7.3CVSS0.00047EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31253

ATTACKERKB•added 2026/05/11 12:0 a.m.•4 views

CVE-2026-31250

CNNVD•added 2026/05/11 12:0 a.m.•4 views

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...

7.3CVSS6.2AI score0.00047EPSS

Cvelist•added 2026/05/11 12:0 a.m.•23 views

CVE-2026-31250

0.00047EPSS

ATTACKERKB•added 2026/05/11 12:0 a.m.•4 views

CVE-2026-31253

Positive Technologies•added 2026/05/11 12:0 a.m.•11 views

PT-2026-39635

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its average model.py model averaging tool. The script loads PyTorch checkpoint files epoch .pt for model averaging using torch.load without enabling the weights...

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39638

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The load checkpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

CVE•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31253

The CVE-2026-31253 entry concerns the flash-attention training framework. A deserialization flaw exists in the checkpoint loading path (checkpoint.py load_checkpoint and eval.py) where torch.load() is used without weights_only=True, enabling pickle-based object deserialization. This can allow an ...

7.3CVSS6.1AI score0.00047EPSS

CVE•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31250

CosyVoice (commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e) suffers an insecure deserialization vulnerability (CWE-502) in average_model.py used for model averaging. The tool loads PyTorch checkpoint files (epoch_*.pt) with torch.load() without enabling weights_only=True, allowing pickle-based de...

7.3CVSS6.1AI score0.00047EPSS

Cvelist•added 2026/05/11 12:0 a.m.•26 views

CVE-2026-31253

0.00047EPSS

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38409

Name of the Vulnerable Software and Affected Versions Aegra versions 0.9.0 through 0.9.6 Description Shared instances with multiple authenticated users are susceptible to a cross-tenant Insecure Direct Object Reference IDOR. An authenticated attacker who obtains another user's thread id can execu...

8.6CVSS6.1AI score0.00014EPSS

Exploits0References8

Tenable Nessus•added 2026/05/04 12:0 a.m.•2 views

RHCOS 4 : OpenShift Container Platform 4.15.44 (RHSA-2025:0648)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0648 advisory. - cri-o: Checkpoint restore can be triggered from different namespaces CVE-2024-8676 Note that Nessus has not tested for this issue but has...

7.4CVSS7.1AI score0.0031EPSS

Exploits0References5

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to account for dirty data in getsecsrequired. This could trigger a system panic in the test case provided in 1. Kernel bug at fs/f2fs/segment.c:2752: RIP: 0010:newcurseg+0xc81/0x2110 Call trace:...

5.5CVSS6.2AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Replace WARNONs with nilfserror for checkpoint acquisition failures. If the creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch...

5.5CVSS5.8AI score0.00016EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...

7.1CVSS6.6AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix for a kernel crash that occurred due to a null io-bio. We should return immediately if io-bio is null before performing any actions. Otherwise, a panic will occur. Bug: Kernel NULL pointer dereferencing, address:...

7.1CVSS5.7AI score0.00017EPSS