CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/12 6:30 p.m.•5 views

EUVD-2026-29613

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00027EPSS

EUVD•added 2026/05/12 6:30 p.m.•6 views

EUVD-2026-29616

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00034EPSS

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-XP5Q-5Q7G-Q26R Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.3AI score0.00088EPSS

OSV•added 2026/05/12 6:30 p.m.•3 views

GHSA-WCR3-GM9F-F87Q Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.00513EPSS

Github Security Blog•added 2026/05/12 6:30 p.m.•4 views

Ludwig framework is vulnerable to insecure deserialization in its model serving component

9.8CVSS6.3AI score0.00088EPSS

Snyk•added 2026/05/12 6:30 p.m.•4 views

Deserialization of Untrusted Data

Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...

9.8CVSS6.1AI score0.00513EPSS

EUVD•added 2026/05/12 6:30 p.m.•7 views

EUVD-2026-29561

6.3AI score0.00088EPSS

EUVD•added 2026/05/12 6:30 p.m.•3 views

EUVD-2026-29562

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

6.1AI score0.00054EPSS

Github Security Blog•added 2026/05/12 6:30 p.m.•4 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

9.8CVSS6.1AI score0.00054EPSS

Github Security Blog•added 2026/05/12 6:30 p.m.•8 views

Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00282EPSS

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-FQ92-QC8F-482V Snorkel BaseLabeler.load uses an unsafe pickle.load

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS6.5AI score0.00282EPSS

Github Security Blog•added 2026/05/12 6:30 p.m.•7 views

Snorkel Trainer.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00282EPSS

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

7.8CVSS6.3AI score0.00191EPSS

Exploits1References3

EUVD•added 2026/05/12 6:30 p.m.•4 views

EUVD-2026-29505

6.3AI score0.00191EPSS

Exploits1References3

Snyk•added 2026/05/12 6:30 p.m.•5 views

Deserialization of Untrusted Data

Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without...

8.8CVSS6.3AI score0.00282EPSS

EUVD•added 2026/05/12 6:30 p.m.•5 views

EUVD-2026-29501

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

6.2AI score0.00108EPSS