40 matches found
PT-2026-40125
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights_only=True...
CVE-2026-31238
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights_only=True...
CVE-2026-34940
KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...
CVE-2025-61937
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
CVE-2025-65118
CVE-2025-65118 affects AVEVA Process Optimization. The issue is described as an Uncontrolled Search Path Element that could allow an authenticated OS Standard User to cause Process Optimization services to load arbitrary code, enabling privilege escalation to OS System and potentially complete co...
CVE-2025-64691
The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...
CVE-2025-64691
CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper with TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...
CVE-2025-61937
CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...
PT-2026-3193
Name of the Vulnerable Software and Affected Versions: AVEVA Process Optimization (affected versions not specified). Description: A flaw exists that could allow an attacker to execute code remotely on the system with operating system level privileges through the taoimr service. Successful exploitation...
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
EUVD-2025-38253
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...
EUVD-2023-35519
Malicious code in bioql PyPI...
EUVD-2025-6832
Malicious code in bioql PyPI...
EUVD-2025-14526
Malicious code in bioql PyPI...
CVE-2023-31203
Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access...
vLLM Code Issue Vulnerability
vLLM is an open-source, high-throughput, memory-efficient inference and serving engine for LLMs. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...
CVE-2025-22892
Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel® before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
CVE-2025-22892
Summary of CVE-2025-22892: Uncontrolled resource consumption in Intel OpenVINO Model Server software (pre-2024.4) could allow an unauthenticated, adjacent attacker to trigger a denial of service. The issue stems from resource management weaknesses that permit excessive resource use. Affected pro...