24 matches found
NVIDIA Megatron-LM Code Injection Vulnerability
NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has a code injection vulnerability. This vulnerability stems from...
NVIDIA Megatron-LM Code Injection Vulnerability
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that is specifically designed for training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that stems from scripts improperly handling malicious data, which could lea...
EUVD-2025-7029
Malicious code in bioql PyPI...
A Lightweight Federated Learning Approach for Privacy-Preserving Botnet Detection in IoT
The rapid growth of the Internet of Things (IoT) has expanded opportunities for innovation but also increased exposure to botnet-driven cyberattacks. Conventional detection methods often struggle with scalability, privacy, and adaptability in resource-constrained IoT environments. To address these...
PyTorch nccl.py torch.cuda.nccl.reduce denial of service
...
NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-19536)
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that originates in the megatron/training/arguments.py component, which can be exploited b...
CVE-2025-50461
A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weights_only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...
NVIDIA Megatron-LM Code Injection Vulnerability
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that originates in a tool component and can be exploited by an attacker to modify the...
CVE-2024-9052
A flaw was found in the vLLM distributed training API. This vulnerability allows remote code execution via unsafe deserialization, which uses pickle.loads without sanitization...
CVE-2024-9052
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-9052
...
CVE-2024-9052
Summary: CVE-2024-9052 relates to a deserialization flaw in the vLLM project’s distributed training API. The issue enables remote code execution via unsafe deserialization of object bytes using pickle.loads() without sanitization, specifically within the vllm.distributed.GroupCoordinator.recv_obj...
CVE-2024-9052
...
Out-of-bounds Write
Overview: lightgbm is a gradient boosting framework that uses tree-based learning algorithms. Affected versions of this package are vulnerable to Out-of-bounds Write in linkerssocket.cpp, used during initialization of distributed training. An attacker can exploit a race condition to connect to a...
CVE-2024-5480
A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call)...
PyTorch < 2.2.2 RCE
The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework...
CVE-2024-5480
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-5480
A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call)...
CVE-2024-5480
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-5480
...