PT-2026-40053

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

CVE-2026-24152

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24152

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

PT-2026-27511

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...

EUVD-2012-3266

Malware in sbrugna...

Exploit for Deserialization of Untrusted Data in Huggingface Transformers

CVE-2024-11394 Hugging Face Transformers Trax Model Deseri...

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0011) (remote check)

The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this, via a specially crafted checkpoint file, to corrupt memory, resulting in a denial of...

VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0011 Synopsis: VMware hosted products and ESXi and ESX patches address security issues Issue date: 2012-06-14 Updated on: 2012-06-1...

VMSA-2012-0011 VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.

The remote ESXi is missing one or more security related Updates from VMSA-2012-0011. Summary VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues. Relevant releases: Workstation 8.0.3 Workstation 7.1.5 Player 4.0.3 Player 3.1.5 Fusion 4.1.2 ESXi 5.0 without patch...

Memory corruption

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denia...

CVE-2012-3288

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denia...

See through cyber attacks magic: Log Parser-vulnerability warning-the black bar safety net

“Log Parser”is the most useful free Web Services Tools. It uses SQL-style Query mode analysisWeb serverlog file, and then returns a report that shows records that match the query all of the content. You can use Log Parser to create a search query, find trying to attack yourWeb serverand execute...