CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

CVE-2026-38950

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

0.00052EPSS

Exploits0References3

Vulnrichment•added 3 days ago•4 views

CVE-2026-38950

6.2AI score0.00052EPSS

Exploits0References3

CVE•added 3 days ago•8 views

CVE-2026-38950

CVE-2026-38950 affects ESA AnomalyMatch prior to 1.3.1. The issue arises from loading model files from session directories with torch.load(), enabling unrestricted deserialization and arbitrary code execution. Affected component: model checkpoint loading in AnomalyMatch. Impact: potential full co...

7.8CVSS6.2AI score0.00052EPSS

Exploits0References3

RedhatCVE•added 2026/05/15 7:57 p.m.•4 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00282EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 7:57 p.m.•6 views

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

8.8CVSS6.3AI score0.00164EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 1:57 a.m.•3 views

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.3AI score0.00088EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 1:57 a.m.•2 views

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

8.8CVSS6.5AI score0.0025EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 8:21 p.m.•7 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

7.3CVSS6.1AI score0.00047EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 8:21 p.m.•2 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

5.7CVSS6.1AI score0.00017EPSS

Exploits0References1

OSV•added 2026/05/12 6:30 p.m.•3 views

GHSA-XP5Q-5Q7G-Q26R Ludwig framework is vulnerable to insecure deserialization in its model serving component

9.8CVSS6.3AI score0.00088EPSS

Exploits0References3

Github Security Blog•added 2026/05/12 6:30 p.m.•3 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00054EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/12 6:30 p.m.•6 views

EUVD-2026-29552

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.00513EPSS

Exploits0References3

EUVD•added 2026/05/12 6:30 p.m.•4 views

EUVD-2026-29506

6.3AI score0.00282EPSS

Exploits0References3

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-78CP-F66X-QMH5 Snorkel Trainer.load uses an unsafe torch.load

8.8CVSS6.3AI score0.00282EPSS

Exploits0References3

OSV•added 2026/05/12 6:30 p.m.•5 views

GHSA-GPX5-7XM4-229W Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00282EPSS

Exploits0References3

EUVD•added 2026/05/12 6:30 p.m.•6 views

EUVD-2026-29508

6.3AI score0.00282EPSS

Exploits0References3

EUVD•added 2026/05/12 6:30 p.m.•3 views

EUVD-2026-29502

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00164EPSS

Exploits0References3