CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

PT-2025-33729 · Volcengine · Volcengine Verl

Name of the Vulnerable Software and Affected Versions: Volcengine versions 3.0.0 Description: A deserialization vulnerability exists in Volcengine's scripts/model merger.py script when using the "fsdp" backend. The script calls torch.load with weights only=False on user-supplied .pt files, allowi...

CVE-2025-50461

CVE-2025-50461 describes a deserialization vulnerability in Volcengine Verl 3.0.0, specifically in scripts/model_merger.py when using the "fsdp" backend. The code calls torch.load() with weights_only=False on user-supplied .pt files, enabling arbitrary code execution if a malicious model file is ...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

CVE-2025-20627

Uncontrolled search path for some IntelR oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

The vulnerability of the compiler for developing and optimizing parallel applications that use the Data Parallel C++ programming language, oneAPI DPC++/C++ Compiler, stems from access control deficiencies, allowing attackers to exploit their privileges.

The vulnerability of the compiler for developing and optimizing parallel applications that use the Data Parallel C++ programming language, the oneAPI DPC++/C++ Compiler, is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges...

Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability

IntelR oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation USA. A security vulnerability previously existed in Intel oneAPI DPC++/C++ Compiler software version 2023.2.1, which stems from improper access control in the affected product. It could result in an authenticated user potential...

PT-2024-1790 · Intel · Intel Oneapi Dpc++/C++ Compiler

Name of the Vulnerable Software and Affected Versions: IntelR oneAPI DPC++/C++ Compiler versions prior to 2023.2.1 IntelR oneAPI DPC++/C++ Compiler versions prior to 2022.2.1 for some IntelR oneAPI Toolkits before version 2022.3.1 Description: The issue is related to improper access control in th...

Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞

IntelR oneAPI DPC++/ c++ Compiler is a compiler from Intel Corporation USA. A security vulnerability exists in IntelR oneAPI DPC++/ c++ Compiler versions prior to 2022.2.1, which stems from its improper access control on certain IntelR oneAPI Toolkits versions prior to 2022.3.1 that could allow...

Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞

Intel OneApi Toolkits is a set of core tools and libraries from the United States Intel Intel. It is used to develop high-performance, data-centric applications across different architectures. A buffer error vulnerability exists in IntelR oneAPI DPC++/C++ Compiler versions prior to 2021.8, which...

[SECURITY] Fedora 36 Update: golang-github-apache-beam-2-2.33.0~RC1-8.fc36

Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud...

[SECURITY] Fedora 35 Update: golang-github-apache-beam-2-2.33.0~RC1-7.fc35

Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud...