Lucene search
+L

448 matches found

RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-58659

A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...

8.4CVSS6.4AI score0.00235EPSS
Exploits0References7
NVD
NVD
added 3 days ago5 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS0.00235EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-58659

Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44751

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS0.00235EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-508 Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-386 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.1CVSS7.7AI score0.01307EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS8AI score0.26488EPSS
Exploits3References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-507 PyTorch Lightning path traversal vulnerability

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS6.5AI score0.01019EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.12 views

LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets

Bitcoin's Lightning Network LN can be exploited as a covert, low-cost command-and-control C&C channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain proof-of-concept prototypes evaluated only through simulation, leaving key questions about real-world topology...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/15 6:8 a.m.27 views

CVE-2026-44484

A flaw was found in PyTorch Lightning. This deep learning framework introduced functionality that could be leveraged as a credential harvesting mechanism. A remote attacker could exploit this to obtain sensitive user credentials, leading to significant information disclosure and potential further...

9.8CVSS5.7AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 3:16 p.m.75 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.8CVSS0.00392EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 2:59 p.m.42 views

EUVD-2026-30303

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:59 p.m.9 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 2:59 p.m.8 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 2:59 p.m.40 views

CVE-2026-44484

PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/14 2:59 p.m.94 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder