Lucene search
K

41 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.8 views

EUVD-2026-29562

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

6.1AI score0.00409EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.7 views

ebes (>=0.0.0 <=0.0.3), helical (>=0.0.1a8 <=0.0.1a9) +2 more potentially affected by CVE-2026-31239 via mamba-ssm (>=1.0.1 <=2.2.5)

mamba-ssm PYPI version =1.0.1, =0.0.0, =0.0.1a8, =1.0.0, =1.2.0 - ml-trainer-sdk =0.1.0 Source cves: CVE-2026-31239 Source advisory: OSV:GHSA-PQ2F-X424-6FJM...

9.8CVSS5.5AI score0.00409EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/12 6:16 p.m.11 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS0.00409EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.19 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Mamba 安全漏洞

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40126

Name of the Vulnerable Software and Affected Versions mamba versions prior to 2.2.7 Description Insecure deserialization occurs when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained function uses torch.load to load the pytorch model.bin weight file without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

0.00409EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/28 8:35 a.m.10 views

CVE-2026-7141

A flaw was found in vllm. A remote attacker can exploit a vulnerability in the hasmambalayers function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The...

6.3CVSS5.1AI score0.00288EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/27 6:32 p.m.9 views

vLLM makes Use of Uninitialized Resource

A vulnerability was found in vLLM up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS5.5AI score0.00288EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2026/04/27 6:19 p.m.7 views

Use of Uninitialized Resource

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Uninitialized Resource via the hasmambalayers function in the KV Block Handler. An attacker can cause unintended behavior by leaking data...

6.3CVSS6.2AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 5:16 p.m.4 views

CVE-2026-7141

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS0.00288EPSS
Exploits0References7
CVE
CVE
added 2026/04/27 4:45 p.m.21 views

CVE-2026-7141

CVE-2026-7141 affects vllm up to 0.19.0, specifically the KV Block Handler’s has_mamba_layers function in vllm/v1/kv_cache_interface.py. A manipulation can trigger an uninitialized resource, with remote initiation possible. The issue is described as high complexity and difficult exploitability, w...

6.3CVSS5.4AI score0.00288EPSS
Exploits0References7Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.7 views

Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

Jailbreaking large language models LLMs has emerged as a critical security challenge with the widespread deployment of conversational AI systems. Adversarial users exploit these models through carefully crafted prompts to elicit restricted or unsafe outputs, a phenomenon commonly referred to as...

5.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/13 6:45 p.m.7 views

5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +348 more potentially affected by CVE-2026-22702 via virtualenv (>=12.1.1 <=20.35.4)

virtualenv PYPI version =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.1.0, =0.0.1a0, =0.2.0, =0.6.1.91, =1.5.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =1.0.1b20240404 and more Source cves: CVE-2026-22702 Source advisory: OSV:GHSA-597G-3PHW-6986...

4.5CVSS5.7AI score0.00085EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-5692

Malware in sbrugna...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.5 views

Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling

Before adopting a new large language model LLM architecture, it is critical to understand vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...

7.4AI score
Exploits0
Rows per page
Query Builder