24 matches found

CVE
added 2026/05/12 12:0 a.m. · 8 views

CVE-2026-31219

The connected documents confirm a concrete vulnerability in the optimate project: the _load_model() (or load_model()) function in neural_magic_training.py deserializes a single model file passed via --model using torch.load() without weights_only=True, enabling arbitrary Python object deserializa...

8.8 CVSS · 6.3 AI score · 0.00164 EPSS
Exploits 0 · References 2
Veracode
added 2026/02/21 5:7 a.m. · 6 views

Keras Has A Local File Disclosure Via HDF5 External Storage During Keras Weight Loading

Summary: TensorFlow / Keras continues to honor HDF5 "external storage" and "ExternalLink" features when loading weights. A malicious ".weights.h5" or a ".keras" archive embedding such weights can direct "load_weights" to read from an arbitrary readable filesystem path. The bytes pulled from that pa...

7.5 CVSS · 6 AI score · 0.00014 EPSS
Exploits 0 · Affected Software 1
Debian CVE
added 2026/02/11 10:10 p.m. · 4 views

CVE-2026-1669

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

7.5 CVSS · 5.2 AI score · 0.00014 EPSS
Exploits 0
CNNVD
added 2025/12/16 12:0 a.m. · 2 views

Autodesk Shared Components Security Vulnerability

Autodesk Shared Components is a component of Autodesk USA. A security vulnerability exists in Autodesk Shared Components that originates from an out-of-bounds write when parsing a specially crafted MODEL file, which could result in a crash, data corruption, or execution of arbitrary code in the...

7.8 CVSS · 7.4 AI score · 0.00028 EPSS
Exploits 0 · References 3
CNNVD
added 2025/12/16 12:0 a.m. · 2 views

Autodesk Shared Components Security Vulnerability

Autodesk Shared Components is a component of Autodesk USA. A security vulnerability exists in Autodesk Shared Components that originates from a memory corruption when parsing a specially crafted MODEL file, which could lead to the execution of arbitrary code in the current process...

7.8 CVSS · 7.3 AI score · 0.00026 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2025/12/15 11:42 p.m. · 1 views

CVE-2025-10887

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8 CVSS · 6.2 AI score · 0.00026 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/08/19 12:0 a.m. · 5 views

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weights_only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

8.1 AI score · 0.00283 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2025/07/30 12:0 a.m. · 1 views

Vulnerability of software for modeling, designing, and drawing in AutoCAD, related to the execution of operations beyond buffer boundaries in memory, allowing attackers to execute arbitrary code or cause system failures.

The vulnerability of software for modeling, designing, and drawing in AutoCAD is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure using a specially created 3DM fi...

7.8 CVSS · 8 AI score · 0.0014 EPSS
Exploits 0 · References 3 · Affected Software 14
BDU FSTEC
added 2025/04/04 12:0 a.m. · 1 views

Vulnerability of software for modeling, design, and drawing in AutoCAD, related to reading data outside the buffer in memory, allowing a perpetrator to cause service failures and gain unauthorized access to protected information

The vulnerability of software for modeling, design, and drawing in AutoCAD is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause system failures and gain unauthorized access to protected information using a specially create...

7.8 CVSS · 7.4 AI score · 0.00284 EPSS
Exploits 0 · References 5 · Affected Software 9
Snyk
added 2025/03/20 12:32 p.m. · 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the creation and upload of a customized GGUF model file. An attacker can cause the server to allocate unlimited memory, leading to system unavailability by uploading a...

8.7 CVSS · 7 AI score · 0.00079 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/02/18 12:0 a.m. · 3 views

PT-2025-11204 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read issue. This can be leveraged by a malicious actor to cause a crash, read...

7.8 CVSS · 7.6 AI score · 0.00379 EPSS
Exploits 0 · References 11
BDU FSTEC
added 2024/11/14 12:0 a.m. · 1 views

The vulnerability of the libodxdll.dll library in the AutoCAD modeling, design, and drafting software allows a perpetrator to execute arbitrary code.

The vulnerability of the libodxdll.dll library in the AutoCAD modeling, design, and drawing software is related to a memory reclamation error. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially created MODEL file from a remote location...

10 CVSS · 7.7 AI score · 0.00434 EPSS
Exploits 0 · References 5 · Affected Software 9
Positive Technologies
added 2024/08/22 12:0 a.m. · 2 views

PT-2024-7526 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: The issue is related to a maliciously crafted MODEL file that, when parsed, may cause an Out-of-Bounds Write. This could allow a malicious actor to cause a crash, data corruption, ...

7.8 CVSS · 8 AI score · 0.00231 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/08/22 12:0 a.m. · 2 views

PT-2024-7533 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: The issue is related to a Use-After-Free vulnerability in the libodxdll.dll library when parsing a maliciously crafted MODEL file in Autodesk AutoCAD. This can be exploited by a...

7.8 CVSS · 8 AI score · 0.00286 EPSS
Exploits 0 · References 5
OSV
added 2024/06/25 4:15 a.m. · 1 views

CVE-2024-23155

A maliciously crafted MODEL file, when parsed in atfasminterface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process...

7.8 CVSS · 6.1 AI score · 0.00195 EPSS
Exploits 0 · References 1
Cvelist
added 2024/06/25 3:28 a.m. · 16 views

CVE-2024-23155 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in atfasminterface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process...

7.8 CVSS · 0.00195 EPSS
Exploits 0 · References 1
CNNVD
added 2024/06/25 12:0 a.m. · 1 views

Autodesk AutoCAD Security Vulnerability

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD version 2024.1.5, which stems from an Autodesk application that can cause a buffer overflow when parsing a maliciously crafted MODEL file in atfasminterface.dll...

7.8 CVSS · 7.3 AI score · 0.00195 EPSS
Exploits 0 · References 1
CNNVD
added 2024/06/25 12:0 a.m. · 1 views

Autodesk AutoCAD Buffer Error Vulnerability

Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. An out-of-bounds read vulnerability exists in Autodesk AutoCAD version 2024.1.5, which stems from a lack of proper validation of user-supplied data when parsing a maliciously crafted MODEL file i...

7.8 CVSS · 7.5 AI score · 0.00567 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/06/24 12:0 a.m. · 1 views

The vulnerability of the analyzer in the MODEL software environment of the simulation modeling tool for systems and processes in Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.

The vulnerability of the MODEL analyzer in the Siemens Tecnomatix Plant Simulation software environment relates to writing beyond buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted MODEL file...

7.8 CVSS · 7.7 AI score · 0.00119 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/03/27 5:15 a.m. · 2 views

DEBIAN-CVE-2023-46046

An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via tiexpr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files...

5.5 CVSS · 5.6 AI score · 0.0009 EPSS
Exploits 0 · References 1