Lucene search
+L

1164 matches found

Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.8 views

PT-2026-26969

Name of the Vulnerable Software and Affected Versions PyTorch version 2.10.0 Description A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The...

7.8CVSS5.9AI score0.00239EPSS
Exploits0References18
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 10:32 a.m.8 views

Malicious code in dataflux-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/20 10:32 a.m.5 views

MAL-2026-1988 Malicious code in dataflux-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Elastic
Elastic
added 2026/03/19 4:59 p.m.11 views

Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Objec...

9.8CVSS8AI score0.01917EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:14 p.m.6 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.

Summary IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.This Bulletine contains information of the vulerable product version and it's remediation. Vulnerability Details...

7.5CVSS5.3AI score0.00391EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/26 3:23 p.m.6 views

BIT-PYTORCH-2025-2149 PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zeropoint leads to improper initialization. The attack needs to be approached...

2.5CVSS3.8AI score0.0024EPSS
Exploits1References6
OSV
OSV
added 2026/02/26 3:23 p.m.6 views

BIT-PYTORCH-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

7.5CVSS4.9AI score0.00403EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/02/24 5:36 p.m.6 views

CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14

CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14. A patched version of the package is available...

8.2CVSS5.4AI score0.00613EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/02/24 1:8 a.m.6 views

CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12

CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12. A patched version of the package is available...

8.2CVSS5.4AI score0.00613EPSS
Exploits0
Snyk
Snyk
added 2026/02/18 5:45 p.m.4 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the scanpytorch function. An attacker can execute arbitrary code by crafting a malicious payload that...

7.1CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.14 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/18 5:45 p.m.5 views

GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.19 views

PT-2026-50469

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.3 Description A scanning bypass exists in the scan pytorch function. The issue arises from a difference in how magic numbers are handled compared to PyTorch's implementation. While the software uses...

7.1CVSS6.5AI score0.00434EPSS
Exploits0References15
CBLMariner
CBLMariner
added 2026/02/13 6:52 a.m.7 views

CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13

CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13. A patched version of the package is available...

8.8CVSS5.5AI score0.00695EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.21 views

GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks

GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...

5.6AI score
Exploits0
Veracode
Veracode
added 2026/02/06 10:26 a.m.8 views

Memory Corruption

PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weightsonly unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...

8.8CVSS5.9AI score0.00695EPSS
Exploits1References11Affected Software2
CBLMariner
CBLMariner
added 2026/02/05 10:21 p.m.4 views

CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12

CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12. A patched version of the package is available...

5.3CVSS5.3AI score0.00183EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

NVIDIA Megatron-LM 代码注入漏洞

NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has a code injection vulnerability. This vulnerability stems from...

7.8CVSS7.2AI score0.00256EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/02/02 3:31 p.m.6 views

CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11

CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11. A patched version of the package is available...

8.8CVSS5.3AI score0.00695EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/02 1:17 p.m.9 views

CVE-2025-32434 vulnerabilities

Vulnerabilities for packages: py3.11-pytorch-cuda-11.8...

9.8CVSS7.3AI score0.01917EPSS
Exploits1
Rows per page
Query Builder