331 matches found
CVE-2026-50144
ncnn (mobile-optimized neural network framework) contains an out-of-bounds heap write in ParamDict::load_param() when loading a malicious .param model, caused by a negative parameter id indexing before params[NCNN_MAX_PARAM_COUNT]. This is exploitable via Net::load_param() and is fixed by commit ...
CVE-2025-15666 Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow
A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...
CVE-2025-15666
Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...
PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
CVE-2026-5843
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...
CVE-2026-5843
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...
CVE-2026-5843
The CVE describes a vulnerability in Docker Model Runner (macOS) where the MLX-LM backend unconditionally imports and executes arbitrary Python files specified by model_file in a model's config.json via importlib, without a trust_remote_code gate or sandboxing. This enables container-to-host arbi...
Astra Linux – Vulnerability in aom
The file aomdsp/noisemodel.c in the libaom library within AOMedia, dated before March 24, 2021, contains a buffer overflow vulnerability...
CVE-2026-8751
Affected software: h2oai h2o-3 (versions before 7402). The issue lies in the JAR Handler component, specifically the importBinaryModel() function in h2o-core/src/main/java/hex/Model.java, where input manipulation can trigger deserialization. This enables remote exploitation, with the exploit publ...
CVE-2026-31219
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
Deserialization of Untrusted Data
Overview adversarial-robustness-toolbox is a Toolbox for adversarial machine learning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the model loading process. An attacker can execute arbitrary code by uploading a maliciously crafted model file to an...
EUVD-2026-29503
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
CVE-2026-31219
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
PT-2026-40116
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
PT-2026-40125
Name of the Vulnerable Software and Affected Versions Ludwig framework versions prior to 0.10.5 Description The model serving component is subject to insecure deserialization. When initiating a model server via the ludwig serve command, the framework utilizes the torch.load function to load model...
CVE-2026-31219
The connected documents confirm a concrete vulnerability in the optimate project: the _load_model() (or load_model()) function in neural_magic_training.py deserializes a single model file passed via --model using torch.load() without weights_only=True, enabling arbitrary Python object deserializa...
CVE-2026-31219
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
PT-2026-40058
The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...