Lucene search
K

878 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed an issue where dirty data was not accounted in getsecsrequired. This could trigger a system panic in certain test cases. Kernel bug at fs/f2fs/segment.c:2752! RIP: 0010:newcurseg+0xc81/0x2110 Call trace:...

5.5CVSS6.2AI score0.00216EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to perform a sanity check on totaldatablocks. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215916 The kernel message is as follows: Kernel BUG at fs/f2fs/segment.c:2560! Call...

5.5CVSS6AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “f2fs: block cache/dio write during f2fsenablecheckpoint”. This revert commits 196c81fdd438f7ac429d5639090a9816abb9760a. The original patch might cause a deadlock; revert it. write remount - writebegin - lockpage --- lock ...

5.5CVSS5.3AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 4:16 p.m.35 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:52 p.m.7 views

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:52 p.m.7 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00285EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 3:52 p.m.18 views

EUVD-2026-30322

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 3:52 p.m.3 views

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6.1AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 3:52 p.m.63 views

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Aegra 授权问题漏洞

Aegra is a large-scale model application platform developed by Aegra Corporation, designed for building and orchestrating multi-step intelligent agent processes. Versions of Aegra prior to 0.9.7 contained an authorization vulnerability. This vulnerability stemmed from multiple authenticated users...

8.6CVSS6AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.9 views

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

9.8CVSS6.3AI score0.00486EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/13 8:29 a.m.91 views

unverified_exploits

Unverified Exploits - Rule-Based Exploit Generation & Testing...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

7.3CVSS6.1AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.9 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29505

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00385EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/12 6:30 p.m.7 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

7.8CVSS6.3AI score0.00385EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29498

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

6.3AI score0.00486EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/12 5:22 p.m.12 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.7 views

Deserialization of Untrusted Data

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this functio...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
Rows per page
Query Builder