
10250 matches found

Cvelist
added 2025/12/26 9:54 p.m., 16 views

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

CVSS 8.8, EPSS 0.00134
Exploits: 0, References: 2
OSV
added 2025/12/26 9:54 p.m., 3 views

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

CVSS 8.8, AI score 9.4, EPSS 0.00134
Exploits: 0, References: 4
NVD
added 2025/12/26 7:15 a.m., 2 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8, EPSS 0.00006
Exploits: 0, References: 1
OSV
added 2025/12/26 7:15 a.m., 4 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8, AI score 6.2, EPSS 0.00006
Exploits: 0, References: 1
EUVD
added 2025/12/26 6:59 a.m., 2 views

EUVD-2025-205430

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8, AI score 7.2, EPSS 0.00006
Exploits: 0, References: 2
Vulnrichment
added 2025/12/26 6:59 a.m., 2 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8, AI score 7.4, EPSS 0.00006
Exploits: 0, References: 1
CVE
added 2025/12/26 6:59 a.m., 9 views

CVE-2025-67450

CVE-2025-67450 affects Eaton UPS Companion software due to insecure library loading in the executable. An attacker with access to the software package could perform arbitrary code execution (Local, High impact). The issue is fixed in the latest Eaton EUC version available from the Eaton download ...

CVSS 7.8, AI score 7.4, EPSS 0.00006
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/26 6:59 a.m., 23 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8, EPSS 0.00006
Exploits: 0, References: 1
Positive Technologies
added 2025/12/26 12:00 a.m., 3 views

PT-2025-53454

Name of the Vulnerable Software and Affected Versions: Eaton UPS Companion software (affected versions not specified). Description: The Eaton UPS Companion software contains a flaw related to insecure library loading. An attacker who has access to the software package could potentially execute arbitra...

CVSS 7.8, AI score 7.1, EPSS 0.00006
Exploits: 0, References: 6
CNNVD
added 2025/12/26 12:00 a.m., 2 views

lmdeploy code issue vulnerability

lmdeploy is an InternLM open source toolkit for compressing, deploying and serving LLMs. A code issue vulnerability exists in versions of lmdeploy prior to 0.11.1 that stems from loading model checkpoint files without using the weights_only parameter, which could lead to an attacker executing...

CVSS 8.8, AI score 9, EPSS 0.00134
Exploits: 0, References: 3
RedhatCVE
added 2025/12/25 8:18 p.m., 7 views

CVE-2025-8769

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server...

CVSS 9.8, AI score 8.1, EPSS 0.00981
Exploits: 0, References: 1
NVD
added 2025/12/24 11:15 a.m., 4 views

CVE-2025-68350

In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfat_allocate_bitmap. The variable max_ra_count can be 0 in exfat_allocate_bitmap, which causes a divide-by-zero error in the subsequent modulo operation i % max_ra_count, leading to a system crash. When...

EPSS 0.0003
Exploits: 0, References: 2
UbuntuCve
added 2025/12/24 11:15 a.m., 1 view

CVE-2025-68350

In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfat_allocate_bitmap. The variable max_ra_count can be 0 in exfat_allocate_bitmap, which causes a divide-by-zero error in the subsequent modulo operation i % max_ra_count, leading to a system crash. When...

AI score 5.7, EPSS 0.0003
Exploits: 0, References: 3
Positive Technologies
added 2025/12/24 12:00 a.m., 2 views

PT-2025-53131

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the kexec functionality related to the ELF header buffer. The issue is identified by the kmemleak detector and occurs during the elf kexec load...

AI score 6.6, EPSS 0.00037
Exploits: 0, References: 5
CVE
added 2025/12/23 9:18 p.m., 10 views

CVE-2025-14498

CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...

CVSS 7.8, AI score 7.7, EPSS 0.00013
Exploits: 0, References: 1
CNNVD
added 2025/12/23 12:00 a.m., 2 views

PDFsam Enhanced code issue vulnerability

PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A code issue vulnerability exists in PDFsam Enhanced that stems from an OpenSSL configuration that loads configuration files from insecure locations, potentially resulting in local elevation of privilege...

CVSS 6.8, AI score 6.4, EPSS 0.00017
Exploits: 0, References: 1
OSV
added 2025/12/22 10:16 p.m., 1 view

UBUNTU-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVSS 5.3, AI score 7, EPSS 0.00106
Exploits: 0, References: 11
EUVD
added 2025/12/22 5:14 a.m., 2 views

EUVD-2025-204693

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows an attacker to create and run unauthorized firmware...

CVSS 9.5, AI score 6.4, EPSS 0.00063
Exploits: 0, References: 2
OSV
added 2025/12/20 9:03 a.m., 5 views

RLSA-2023:5360 Important: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...

CVSS 8.8, AI score 6.8, EPSS 0.00598
Exploits: 2, References: 5
EUVD
added 2025/12/19 3:31 p.m., 4 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 6.5, EPSS 0.00338
Exploits: 1, References: 4