186 matches found
CVE-2026-31250
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the...
EUVD-2026-29097
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the...
CVE-2026-31250
CosyVoice (commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e) suffers an insecure deserialization vulnerability (CWE-502) in average_model.py used for model averaging. The tool loads PyTorch checkpoint files (epoch_*.pt) with torch.load() without enabling weights_only=True, allowing pickle-based de...
CosyVoice Security Vulnerability
CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability stems from the average_model.py model averaging tool, which loads checkpoint files using torch.load() without enabling the weights_only=True...
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets--defined as wagers of $2,500 or more at odds of 35 percent or less--on the platform had an average win rate of around 52 percent in markets...
SUSE CVE-2026-31770
In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1(). In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is...
CVE-2026-31770
In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1(). In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is...
CVE-2026-31770 hwmon: (occ) Fix division by zero in occ_show_power_1()
In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1(). In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is...
PT-2026-36405
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A divide-by-zero flaw exists in the occ_show_power_1() function. In case 1 of this function, the accumulator is divided by the update_tag variable without verifying if it is zero. If no...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004176)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004176 advisory. A potential vulnerability in the AMD extension to Linux hwmon service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show...
Unbreakable Enterprise kernel security update
[5.15.0-315.196.5.1] - netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38744086] {CVE-2025-38678} - Reapply 'cpuidle: menu: Avoid discarding useful information' (Harshvardhan Jha) [Orabug: 38744084] - rtc: expose RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 3874408...
Average Hardness of SIVP for Module Lattices of Fixed Rank
The problem of finding short vectors in Euclidean lattices is a central hard problem in complexity theory. The case of module lattices (i.e., lattices which are also modules over a number ring) is of particular interest for cryptography and computational number theory. The hardness of finding short...
EUVD-2025-124964
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init(). In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since...
UBUNTU-CVE-2025-40119
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init(). In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since...
EUVD-2025-101320
Malicious code in averagemammalz3n npm...
EUVD-2025-93130
Malicious code in averagemitez3n npm...
EUVD-2025-74980
Malicious code in averagedove-gooddev npm...
EUVD-2025-77718
Malicious code in averagebutterflyz3n npm...
MAL-2025-99687 Malicious code in average_wildcat_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cffcae53ebfdfd81aab6dcde5f31d2417a3cb537b9934a3695202ae35c0a715 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...