CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

PT-2026-40058

The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...

Adobe Media Encoder 输入验证错误漏洞

Adobe Media Encoder is a audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions had a vulnerability related to input validation errors. This vulnerability stemmed from integer...

WordPress plugin GWD Connect 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Adobe Substance3D Painter 缓冲区错误漏洞

Adobe Substance3D Painter is a 3D scene building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 12.0.2 and earlier contain a buffer overflow vulnerability, which stems from out-of-bound writes, potentially allowing arbitrary code to execute in the...

RHEL 9 : golang (RHSA-2026:16494)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16494 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: golang: Go golang and cmd/go: Arbitrary Code Execution via...

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability caused by the reuse of extensions after they were released. This vulnerability could allow attackers to execute arbitrary code...

PT-2026-39994

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVE-2026-31214

The vulnerability CVE-2026-31214 affects the torch-checkpoint-shrink.py script in the ml-engineering project, commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling weights_only=True, allowing the deser...

Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...

Adobe Premiere Pro < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-46) (macOS)

The version of Adobe Premiere Pro installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-46 advisory. - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that...

Adobe After Effects < 25.6.5 / 26.0 < 26.2 Multiple Arbitrary code execution (APSB26-48) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 25.6.5, 26.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-48 advisory. - After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow...

ROS-20260512-73-0012

Vulnerability in python-tornado related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

PT-2026-40062

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

PT-2026-40429

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

PT-2026-40168

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40326

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...