Lucene search
K

38 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.18 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS7.6AI score0.00726EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.2 views

NVIDIA Merlin Transformers4Rec Deserialization Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a deserialization vulnerability that originates from unsafe deserialization processing of serialized data submitted by a user when...

8.8CVSS6.1AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-33213

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS0.00541EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 5:48 p.m.2 views

CVE-2025-33213

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS6.7AI score0.00541EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 5:48 p.m.4 views

EUVD-2025-202258

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 5:48 p.m.19 views

CVE-2025-33213

CVE-2025-33213 affects NVIDIA Merlin Transformers4Rec for Linux. The Trainer component has a deserialization vulnerability that could enable code execution, denial of service, information disclosure, and data tampering. Public sources corroborate the issue and note an associated CVSS v3.1 base sc...

8.8CVSS6.7AI score0.00541EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 5:48 p.m.21 views

CVE-2025-33213

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS0.00541EPSS
Exploits0References3
Nvidia
Nvidia
added 2025/12/09 12:0 a.m.13 views

Security Bulletin: NVIDIA Merlin - December 2025

NVIDIA has released an update for Merlin to address a security issue that might lead to the impacts described in this bulletin. To protect your system, clone or update this software to include the following commits: Commit 5dd11f4 or later from NVIDIA Merlin/NVTabular Commit 876f19e or later from...

8.8CVSS6.8AI score0.00541EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-24592

Malicious code in bioql PyPI...

7.8CVSS9.1AI score0.00726EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/21 12:0 a.m.6 views

NVIDIA Merlin Transformers4Rec Code Injection Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability, which originates from a Python dependency, that can be exploited by an attacker to perform malicious...

7.8CVSS7.5AI score0.00726EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/08/14 12:0 a.m.7 views

NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.2AI score0.00726EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 6:15 p.m.64 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00726EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/13 5:28 p.m.3 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS7.6AI score0.00726EPSS
Exploits0References3
CVE
CVE
added 2025/08/13 5:28 p.m.41 views

CVE-2025-23298

Summary: CVE-2025-23298 affects NVIDIA Merlin Transformers4Rec. A vulnerability arises from a Python dependency in Transformers4Rec where loading a checkpoint with PyTorch’s torch.load() can deserialize objects via Python’s pickle, enabling arbitrary code execution. This could allow an attacker t...

7.8CVSS7.6AI score0.00726EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/13 5:28 p.m.42 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00726EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.8 views

PT-2025-33045

Name of the Vulnerable Software and Affected Versions NVIDIA Merlin Transformers4Rec for all platforms affected versions not specified Description NVIDIA Merlin Transformers4Rec contains a flaw in a Python dependency that could allow an attacker to cause a code injection issue. Successful...

7.8CVSS9.3AI score0.00726EPSS
Exploits0References36
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

NVIDIA Merlin Transformers4Rec 代码注入漏洞

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability, which originates from a Python dependency, that can be exploited by an attacker to perform malicious...

7.8CVSS7.4AI score0.00726EPSS
Exploits0References3
Nvidia
Nvidia
added 2025/08/12 12:0 a.m.10 views

Security Bulletin: NVIDIA Merlin Transformers4Rec - August 2025

NVIDIA has released a software update for NVIDIA Merlin Transformers4Rec. To protect your system, install the software including the Github commit b7eaea5 of NVIDIA Merlin Transformers4Rec. Go to NVIDIA Product Security...

7.8CVSS7.1AI score0.00726EPSS
Exploits0Affected Software1
Rows per page
Query Builder