434 matches found
LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets
Bitcoin's Lightning Network LN can be exploited as a covert, low-cost command-and-control C&C channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain proof-of-concept prototypes evaluated only through simulation, leaving key questions about real-world topology...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
CVE-2026-44484
A flaw was found in PyTorch Lightning. This deep learning framework introduced functionality that could be leveraged as a credential harvesting mechanism. A remote attacker could exploit this to obtain sensitive user credentials, leading to significant information disclosure and potential further...
CVE-2026-44484
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
EUVD-2026-30303
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484
PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...
Linux Distros Unpatched Vulnerability : CVE-2026-31221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The...
PyTorch Lightning 安全漏洞
PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...
PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
ablation (=0.1.0), ace-step (=0.1.0) +576 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=0.10.0 <=2.6.0)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 and more Source cves: CVE-2026-31221 Source advisory: OSV:GHSA-75M9-98V2-HJPM...
GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
ace-step (=0.1.0), admetica (>=1.3.0 <=1.4.1) +212 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=2.0.0 <=2.6.0)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 - anytext-z =0.1.1 - arcagent =0.0.1 - arccmd =0.2.0 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-16643334...
adaptive-kmpc-py (>=0.1.0 <=0.1.1), admetica (>=1.3.0 <=1.4.1) +229 more potentially affected by CVE-2026-31221 via lightning (>=2.0.0 <=2.6.0.dev20251123)
lightning PYPI version =2.0.0, =0.1.0, =1.3.0, =1.9.0, =1.9.0, =0.1.16, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.8.3b20230916, =1.5.1b20260530 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-LIGHTNING-16643333...
Deserialization of Untrusted Data
Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
UBUNTU-CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...