Lucene search
K

156 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-55687

CVE-2026-55687 describes a stack-based out-of-bounds write in the Espressif ESF-IDF JPEG decoder marker parsing (jpeg_parse_dqt_marker). The attack uses the attacker-controlled DQT marker Tq nibble as an index into the qt_tbl array without validating it is within 0..3, enabling malformed JPEG inp...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1031 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`

Impact When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=2, 2, shape=2, 2, dtype=tf.float...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-965 TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

5.9CVSS5.9AI score0.00596EPSS
Exploits1References8
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-972 Core dump when loading TFLite models with quantization in TensorFlow

Impact Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling...

5.5CVSS6AI score0.00316EPSS
Exploits1References12
NVD
NVD
added 2026/06/26 4:16 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS0.00551EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/26 3:15 p.m.34 views

CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

0.00551EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:15 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 3:15 p.m.9 views

EUVD-2026-39786

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 3:15 p.m.35 views

CVE-2026-5757

CVE-2026-5757 concerns Ollama’s model quantization engine. The CERT entry describes an unauthenticated remote information-disclosure vulnerability triggered via the model upload interface. Root cause: three factors—no bounds checking on user-supplied GGUF header metadata, unsafe memory access usi...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:3 p.m.15 views

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...

7.5CVSS5.6AI score0.00281EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.12 views

Widening the Gap: Exploiting LLM Quantization Via Outlier Injection

LLM quantization has become essential for memory-efficient deployment. Recent work has shown that quantization schemes can pose critical security risks: an adversary may release a model that appears benign in full precision but exhibits malicious behavior once quantized by users. However, existin...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/05 7:55 p.m.175 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama Heap Out-of-Bounds Read 1-Day PoC Thi...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34454

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description An out-of-bounds memory read and write issue exists in the GGUF GPT-Generated Unified Format quantization engine. This occurs because the engine lacks proper bounds checking and trusts tensor...

7.5CVSS6.6AI score0.00551EPSS
Exploits1References18
CERT
CERT
added 2026/04/22 12:0 a.m.19 views

Ollama GGUF Quantization Remote Memory Leak

Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...

7.5CVSS6AI score0.00551EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.8 views

CVE-2025-33247

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS6.1AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.5 views

CVE-2026-24141

NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...

7.8CVSS5.9AI score0.0021EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/26 8:55 a.m.146 views

turboquant-monitoring-poc

TurboQuant x WhatAp Monitoring POC TurboQuanthttps://arxiv...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/24 10:30 p.m.4 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the quantization configuration loading process. An attacker can execute arbitrary code,...

8.5CVSS6.1AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 9:31 p.m.6 views

EUVD-2025-208974

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS6.1AI score0.00322EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 9:16 p.m.11 views

CVE-2026-24141

NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...

7.8CVSS0.0021EPSS
Exploits0References3
Rows per page
Query Builder