6 matches found
CVE-2026-44513
Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False or omitting it, which is the default. The vulnerability has three variant...
PT-2025-48588
Name of the Vulnerable Software and Affected Versions: Tencent Hunyuan3D-1 affected versions not specified Description: A flaw exists within the load_pretrained function that allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. The issue is due to...
CVE-2025-23348
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
Adversarially Robust Spiking Neural Networks with Sparse Connectivity
Deployment of deep neural networks in resource-constrained embedded systems requires innovative algorithmic solutions to facilitate their energy and memory efficiency. To further ensure the reliability of these systems against malicious actors, recent works have extensively studied adversarial...
PT-2024-26627 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers affected versions not specified Description: The issue allows for arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers c...
Deserialization of untrusted data
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of ...