Authorization Bypass Through User-Controlled Key

Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper...

Linux Distros Unpatched Vulnerability : CVE-2025-33231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Nsight Systems for Windows contains a vulnerability in the application's DLL loading mechanism where an attacker could cause an uncontrolled search path...

PT-2025-48060

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering...

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

EUVD-2024-15930

Malicious code in bioql PyPI...

EUVD-2024-15939

Malicious code in bioql PyPI...

PT-2025-36971

Name of the Vulnerable Software and Affected Versions: NVIDIA NVDebug affected versions not specified Description: The NVIDIA NVDebug tool contains an issue that may allow an actor to write files to restricted components. A successful exploit of this issue may lead to information disclosure, deni...

sha.js 安全漏洞

sha.js is an open source application from Browserify. A security vulnerability exists in sha.js version 2.4.11 and earlier, which stems from improper input validation and could lead to tampering of input data...

CVE-2021-1062

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

CVE-2025-23254

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering...

CVE-2025-23250

CVE-2025-23250 – NVIDIA NeMo Framework : A path traversal vulnerability exists in NVIDIA NeMo Framework from an improper limitation of a pathname to a restricted directory, enabling an arbitrary file write. Reports across multiple sources (NVD, Red Hat, Alpine, CNNVD, PT-Security, and NVIDIA advi...

CVE-2025-23243

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service...

CVE-2025-23243

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service...

CVE-2025-23243

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service...

CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)

The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...

CVE-2024-0142

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2024-0142

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2024-0142

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2024-0142

CVE-2024-0142 affects NVIDIA nvJPEG2000 (library used for JPEG2000 decoding/encoding). Talos confirms a memory corruption via an out-of-bounds write in the nvJPEG2000 decoding path when parsing the SIZ/ Csiz and QCC components, where an attacker can supply a crafted JPEG2000 file to trigger an ou...

CVE-2024-0147

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering...