57 matches found
cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +8 more potentially affected by CVE-2025-23349 via megatron-core (=0.10.0)
megatron-core PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-core and may be impacted: - cosmos-predict2 =1.0.6, =5.1.6, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.9 Source cves: CVE-2025-23349...
CVE-2025-23348
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretraingpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
GHSA-6VM5-6JV9-RJPJ MONAI: Unsafe torch usage may lead to arbitrary code execution
Summary In modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when...
cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +8 more potentially affected by CVE-2025-23264 via megatron-core (=0.10.0)
megatron-core PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-core and may be impacted: - cosmos-predict2 =1.0.6, =5.1.6, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.9 Source cves: CVE-2025-23264...
cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +8 more potentially affected by CVE-2025-23265 via megatron-core (=0.10.0)
megatron-core PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-core and may be impacted: - cosmos-predict2 =1.0.6, =5.1.6, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.9 Source cves: CVE-2025-23265...
Don't Throw the Baby out with the Bathwater: How and Why Deep Learning for ARC
The Abstraction and Reasoning Corpus ARC-AGI presents a formidable challenge for AI systems. Despite the typically low performance on ARC, the deep learning paradigm remains the most effective known strategy for generating skillful state-of-the-art neural networks NN across varied modalities and...
Can In-Context Reinforcement Learning Recover from Reward Poisoning Attacks?
We study the corruption-robustness of in-context reinforcement learning ICRL, focusing on the Decision-Pretrained Transformer DPT, Lee et al., 2023. To address the challenge of reward poisoning attacks targeting the DPT, we propose a novel adversarial training framework, called Adversarially...
Adversarially Robust Spiking Neural Networks with Sparse Connectivity
Deployment of deep neural networks in resource-constrained embedded systems requires innovative algorithmic solutions to facilitate their energy and memory efficiency. To further ensure the reliability of these systems against malicious actors, recent works have extensively studied adversarial...
Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets
Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...
PT-2024-26627
Name of the Vulnerable Software and Affected Versions huggingface/transformers affected versions not specified Description The issue allows for arbitrary code execution through deserialization of untrusted data within the load repo checkpoint function of the TFPreTrainedModel class. Attackers can...
Deserialization of untrusted data
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function applyxseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of ...
CVE-2024-0654
A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been...
Deserialization of untrusted data
A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been...
CVE-2024-0654 DeepFaceLab Util.py deserialization
A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been...
PT-2024-15721 · Unknown · Deepfacelab
Name of the Vulnerable Software and Affected Versions: DeepFaceLab pretrained DF.wf.288res.384.92.72.22 Description: A problematic vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. The issue affects an unknown function of the file mainscripts/Util.py and leads to...
DeepFaceLab Code Issues Vulnerabilities
DeepFaceLab is a leading software for video face swapping by iperov individual developers. A code issue vulnerability exists in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 version, which stems from a deserialization vulnerability in the file DFLIMG/DFLJPG.py...
Detects Clickbait Headlines Using Deep Learning: Clickbait Detector
Detects Clickbait Headlines Using Deep Learning People continually fall for clickbait and as Wired in it’s article mentioned Whether you think clickbait is on the rise, obscurant and self-negating, not such a big deal, or the root of all evil, one thing is clear about it: It’s increasingly hard t...