7 matches found

NVD
added 2026/06/16 7:16 p.m., 10 views

CVE-2026-47749

stable-diffusion.cpp is a pure C/C++ library for running inference with diffusion models (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more). Versions prior to master-584-0a7ae07 are vulnerable to a heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...

7.8 CVSS, 0.00203 EPSS
Exploits: 1, References: 3
CVE
added 2026/06/16 6:17 p.m., 13 views

CVE-2026-47750

The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...

7.8 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2026/06/16 5:23 p.m., 9 views

CVE-2026-47749

The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...

7.8 CVSS, 6.4 AI score, 0.00203 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2026/06/16 5:11 p.m., 50 views

CVE-2026-47748

CVE-2026-47748 affects stable-diffusion.cpp (C/C++ library) prior to master-584-0a7ae07. The root cause is out-of-bounds reads in the PyTorch checkpoint pickle opcode parsing in src/model.cpp, where the parser sometimes advances buffer positions without validating remaining input, allowing reads ...

5.5 CVSS, 5.6 AI score, 0.00163 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/05/12 12:0 a.m., 32 views

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load to process PyTorch checkpoint files (.pt) without enabling the security-restrictiv...

0.00486 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/11 12:0 a.m., 16 views

PT-2026-39635

CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability (CWE-502) in its average model.py model averaging tool. The script loads PyTorch checkpoint files epoch .pt for model averaging using torch.load without enabling the weights...

6.1 AI score, 0.00222 EPSS
Exploits: 0, References: 3
Veracode
added 2025/10/16 1:31 p.m., 6 views

Insecure Deserialization

monai is vulnerable to Insecure Deserialization. The vulnerability is due to the loading of untrusted checkpoint files, for example with torch.load used without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...

8.8 CVSS, 7.4 AI score, 0.00684 EPSS
Exploits: 1, References: 5, Affected Software: 1