PT-2026-36130

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

CVE-2025-5173

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

CVE-2025-4905

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function loadqcpickl of the file basestation3/QC.py. The manipulation of the argument qcfile leads to deserialization. An attack has to be approached locally. The exploit has bee...

CVE-2025-4905

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function loadqcpickl of the file basestation3/QC.py. The manipulation of the argument qcfile leads to deserialization. An attack has to be approached locally. The exploit has bee...

CVE-2025-4740

A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be us...

CVE-2025-4740 BeamCtrl Airiana coef deserialization

A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be us...

CVE-2025-4701 VITA-MLLM Freeze-Omni utils.py torch.load deserialization

A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local ho...

CVE-2025-3677

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...

CVE-2025-3165

CVE-2025-3165 affects thu-pacman chitu 0.1.0. The vulnerability is in the function torch.load within chitu/chitu/backend.py, where manipulation of the arguments ckpt_path/quant_ckpt_dir leads to deserialization. An attack requires local access. The issue is documented across multiple feeds (NVD, ...

CVE-2025-3165 thu-pacman chitu backend.py torch.load deserialization

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckptpath/quantckptdir leads to deserialization. An attack has to be approached locally...

CVE-2024-4200 Progress Telerik Reporting Local Deserialization Vulnerability

In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.2.514, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...

CVE-2024-4200 Progress Telerik Reporting Local Deserialization Vulnerability

In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.2.514, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...

CVE-2024-1801 Progress Telerik Reporting Local Deserialization Vulnerability

In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...