Lucene search
K

7 matches found

EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29552

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.10 views

GHSA-GPX5-7XM4-229W Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 4:16 p.m.10 views

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

9.8CVSS0.00486EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39636

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...

6.1AI score0.00218EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/02/04 12:0 a.m.2 views

The vulnerability of the weightsOnly parameter in the torch.load() function of the PyTorch machine learning framework allows a hacker to execute arbitrary code.

The vulnerability of the weightsOnly parameter in the torch.load function of the PyTorch machine learning framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS6.3AI score0.00695EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/12/26 5:34 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the torch.load function. An attacker can execute arbitrary code by providing a specially crafted model file that is loaded without proper security parameters. Details Serialization is a process of...

8.8CVSS7.6AI score0.00487EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13502

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00762EPSS
Exploits0References4
Rows per page
Query Builder