7700 matches found
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
Summary: Using the torch.utils._config_module.load_config function, a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch.utils._config_module.load_config function in __reduce__...
GHSA-VV6J-3G6G-2PVJ Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
Summary: Using the torch.utils._config_module.load_config function, a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch.utils._config_module.load_config function in __reduce__...
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Summary: Using the torch._dynamo.guards.GuardBuilder.get function, a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch._dynamo.guards.GuardBuilder.get function in __reduce__...
SUSE-SU-2025:02963-1 Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues: - CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak bsc1245227 - CVE-2025-7345: Fixed heap buffer overflow within the gdkpixbufjpegimageloadincrement function bsc1246114...
Linux Distros Unpatched Vulnerability : CVE-2016-6525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the pdfloadmeshparams function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute...
CVE-2025-57751
The CVE-2025-57751 issue affects pyLoad, specifically the CNL Blueprint. The vulnerability arises from missing validation of the jk parameter, which is processed as JavaScript via evaljs (depending on Python version, via js2py or dukpy). An attacker-supplied jk can cause the server to execute arb...
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues: CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak bsc1245227 CVE-2025-7345: Fixed heap buffer overflow within the gdkpixbufjpegimageloadincrement function bsc1246114 Patch Instructions: To install this SUSE...
SUSE-SU-2025:02954-1 Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues: - CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak bsc1245227 - CVE-2025-7345: Fixed heap buffer overflow within the gdkpixbufjpegimageloadincrement function bsc1246114...
Linux Distros Unpatched Vulnerability : CVE-2020-0551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via ...
Linux Distros Unpatched Vulnerability : CVE-2023-51105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A floating point exception divide-by-zero vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmpdecompressrle4 of load-bmp.c. CVE-2023-51105 Note...
Linux Distros Unpatched Vulnerability : CVE-2023-26044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a...
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...
CVE-2025-8618
CVE-2025-8618 affects WPC Smart Quick View for WooCommerce (WordPress). Vulnerability: Stored Cross-Site Scripting via the woosq_btn shortcode caused by insufficient input sanitization and output escaping in versions up to 4.2.1. Impact: authenticated attackers with contributor-level access and h...
Linux Distros Unpatched Vulnerability : CVE-2025-27407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...
(Pwn2Own) NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LoadFromSharedMemory function. The issue results from the lac...
Linux Distros Unpatched Vulnerability : CVE-2021-21707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename...
Deserialization of Untrusted Data
Overview: verl is Volcano Engine Reinforcement Learning for LLM. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.load function in the modelmerger.py script when processing user-supplied .pt files with weights_only=False. An attacker can...
CVE-2025-50461
A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weights_only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...
Security update for 389-ds
This update for 389-ds fixes the following issues: Update to version 2.0.20git64.628a24b68: Security fixes: CVE-2025-3416: Fixed openssl use after free bsc1242666 Other fixes: resolve infinite loop due when loading RUV entryrdn bsc1243428 Upstream changelog: Issue 6119 - Synchronise acceptthread...