Lucene search
K

1146 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/22 4:20 a.m.3 views

CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

5.3CVSS5.6AI score0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/22 4:20 a.m.35 views

CVE-2026-4538 PyTorch pt2 Loading deserialization

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

5.3CVSS0.00239EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

PyTorch 代码问题漏洞

PyTorch is an open-source Python package developed by PyTorch. Version 2.10.0 of PyTorch contains code vulnerabilities; these vulnerabilities stem from unknown features in the pt2 loading processing component, which may lead to deserialization attacks...

7.8CVSS6.1AI score0.00239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.6 views

PT-2026-26969

Name of the Vulnerable Software and Affected Versions PyTorch version 2.10.0 Description A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The...

7.8CVSS5.9AI score0.00239EPSS
Exploits0References18
OSV
OSV
added 2026/03/20 10:32 a.m.4 views

MAL-2026-1988 Malicious code in dataflux-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 10:32 a.m.7 views

Malicious code in dataflux-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Elastic
Elastic
added 2026/03/19 4:59 p.m.11 views

Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Objec...

9.8CVSS8AI score0.01878EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:14 p.m.6 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.

Summary IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.This Bulletine contains information of the vulerable product version and it's remediation. Vulnerability Details...

7.5CVSS5.3AI score0.00391EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/26 3:23 p.m.6 views

BIT-PYTORCH-2025-2149 PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zeropoint leads to improper initialization. The attack needs to be approached...

2.5CVSS3.8AI score0.00235EPSS
Exploits1References6
OSV
OSV
added 2026/02/26 3:23 p.m.6 views

BIT-PYTORCH-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

7.5CVSS4.9AI score0.00403EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/02/24 5:36 p.m.5 views

CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14

CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14. A patched version of the package is available...

8.2CVSS5.4AI score0.00613EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/02/24 1:8 a.m.5 views

CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12

CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12. A patched version of the package is available...

8.2CVSS5.4AI score0.00613EPSS
Exploits0
Snyk
Snyk
added 2026/02/18 5:45 p.m.4 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the scanpytorch function. An attacker can execute arbitrary code by crafting a malicious payload that...

7.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/02/18 5:45 p.m.3 views

GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.13 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7Affected Software1
CBLMariner
CBLMariner
added 2026/02/13 6:52 a.m.7 views

CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13

CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13. A patched version of the package is available...

8.8CVSS5.5AI score0.00695EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.19 views

GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks

GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...

5.6AI score
Exploits0
Veracode
Veracode
added 2026/02/06 10:26 a.m.7 views

Memory Corruption

PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weightsonly unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...

8.8CVSS5.9AI score0.00695EPSS
Exploits1References11Affected Software2
CBLMariner
CBLMariner
added 2026/02/05 10:21 p.m.4 views

CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12

CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12. A patched version of the package is available...

5.3CVSS5.3AI score0.00183EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

NVIDIA Megatron-LM 代码注入漏洞

NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has a code injection vulnerability. This vulnerability stems from...

7.8CVSS7.2AI score0.00256EPSS
Exploits0References2
Rows per page
Query Builder