9944 matches found
CVE-2025-33247
NVIDIA Megatron LM is affected by CVE-2025-33247 due to a vulnerability in quantization configuration loading that could allow remote code execution. The security bulletin states this could lead to code execution, elevation of privileges, information disclosure, and data tampering. Affected produ...
CVE-2025-33247
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-33332
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...
MAL-2026-2411 Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
Malicious code in oc-ccp-module-client (npm)
Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...
MAL-2026-2416 Malicious code in oc-ccp-module-client (npm)
Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...
Malicious code in @ceeferenderer/itg-renderer-sdk (npm)
Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...
MAL-2026-2407 Malicious code in @ceeferenderer/itg-renderer-sdk (npm)
Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...
NVIDIA Megatron LM 代码问题漏洞
NVIDIA Megatron LM is a deep learning framework developed by NVIDIA Corporation for training large-scale language models and parallel computing. NVIDIA Megatron LM has code-related vulnerabilities; one of these vulnerabilities stems from a remote code execution vulnerability in quantitative...
NVIDIA Megatron-LM 代码问题漏洞
NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has code vulnerabilities, which stem from checkpoint loading issues...
NVIDIA Megatron-LM 代码问题漏洞
NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has code vulnerabilities, particularly an issue related to the...
NVIDIA Nemo Framework 代码问题漏洞
NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA NeMo Framework has code-related vulnerabilities, which stem from checkpoint loading issues. These vulnerabilities may lead to remote code execution...
Security Bulletin: NVIDIA Megatron LM - March 2026
NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.15.3 or later from NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...
PT-2026-27505
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
PT-2026-27512
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
PT-2026-27509
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-4538
A flaw was found in PyTorch. A local user can exploit a deserialization vulnerability within an unknown function of the pt2 Loading Handler component. This flaw could allow for information disclosure, data manipulation, or denial of service...
EUVD-2026-14280
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...