Lucene search
K

37 matches found

EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29503

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

6.3AI score0.00559EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40125

Name of the Vulnerable Software and Affected Versions Ludwig framework versions prior to 0.10.5 Description The model serving component is subject to insecure deserialization. When initiating a model server via the ludwig serve command, the framework utilizes the torch.load function to load model...

9.8CVSS6.5AI score0.00497EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.38 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

0.006EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.7 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40058

The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...

6.3AI score0.00559EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 11:9 p.m.5 views

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

7.1CVSS5.8AI score0.00299EPSS
Exploits3References8
Snyk
Snyk
added 2026/04/20 3:49 p.m.5 views

Arbitrary Code Injection

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chattemplate is loaded, due to...

9.8CVSS6.4AI score0.00852EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/18 7:39 p.m.4 views

CVE-2026-0875

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS7.5AI score0.00215EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/01/22 5:50 p.m.4 views

Heap-based Buffer Overflow

Overview sentencepiece is an Unsupervised text tokenizer and detokenizer. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the processing of a malicious model file. An attacker can cause the application to access invalid memory regions by supplying a model file...

8.5CVSS5.9AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

lmdeploy 代码问题漏洞

lmdeploy is an InternLM open source toolkit for compressing, deploying and servicing LLM. A code issue vulnerability exists in versions of lmdeploy prior to 0.11.1 that stems from loading model checkpoint files without using the weightsonly parameter, which could lead to an attacker executing...

8.8CVSS9AI score0.00487EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/16 11:55 p.m.7 views

CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS7.6AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 11:55 p.m.6 views

CVE-2025-10899

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS7.6AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 12:30 a.m.6 views

EUVD-2025-203451

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS7.1AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 12:30 a.m.6 views

EUVD-2025-203453

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS7.3AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 12:16 a.m.8 views

CVE-2025-10898

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS6.1AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51333

Name of the Vulnerable Software and Affected Versions Autodesk AutoCAD affected versions not specified Description A specially crafted MODEL file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could allow a malicious actor to cause a...

7.8CVSS7.2AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51332

Name of the Vulnerable Software and Affected Versions Autodesk products affected versions not specified Description A specially designed MODEL file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could lead to a program crash, data...

7.8CVSS7AI score0.0021EPSS
Exploits0References8
Veracode
Veracode
added 2025/11/26 2:27 p.m.6 views

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weightsonly=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

8.2AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-25170

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00462EPSS
Exploits1References5
Rows per page
Query Builder