129 matches found
Security Bulletin: NVIDIA Merlin - May 2026
NVIDIA has released a software update for NVIDIA® Merlin. To protect your system, clone or update this software to include any commit after March 11, 2026 from the NVIDIA-Merlin/Transformers4Rec GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential...
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec (all platforms) is affected by CVE-2025-33233. The issue allows code injection due to the underlying vulnerability, with potential impact including code execution, escalation of privileges, information disclosure, and data tampering. The CVSSv3.1 vector is AV:L/AC:L...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
PT-2026-3635
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Security Bulletin: NVIDIA Merlin - January 2026
NVIDIA has released an update for Merlin to address a security issue that might lead to the impacts described in this bulletin. To protect your system, clone or update this software to include the following commits: Commit 27ddd49 or later from NVIDIA-Merlin/Transformers4Rec Go to NVIDIA Product...
NVIDIA Merlin Transformers4Rec 代码注入漏洞
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...
CVE-2018-18320
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...
CVE-2018-18319
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command=remote='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for us...
NVIDIA Merlin Transformers4Rec Deserialization Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a deserialization vulnerability that originates from unsafe deserialization processing of serialized data submitted by a user when...
CVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
EUVD-2025-202258
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33213
CVE-2025-33213 affects NVIDIA Merlin Transformers4Rec for Linux. The Trainer component has a deserialization vulnerability that could enable code execution, denial of service, information disclosure, and data tampering. Public sources corroborate the issue and note an associated CVSS v3.1 base sc...
CVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...