Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weightsonly=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

EUVD-2025-33343

scio is vunerable to Remote Command Execution through PyTorch...

GHSA-M9MP-6X32-5RHG scio is vunerable to Remote Command Execution through PyTorch

Impact PyTorch reported a critical vulnerability when using torch.load, even with option weightsonly=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...

scio is vunerable to Remote Command Execution through PyTorch

Impact PyTorch reported a critical vulnerability when using torch.load, even with option weightsonly=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...

at.molindo:esi4j (>=0.3.0 <=3.0.2), at.molindo:scrutineer (>=2.0.0 <=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=0.7.1 <=1.0.2)

com.fasterxml.util:java-merge-sort MAVEN version =0.7.1, =0.3.0, =2.0.0, =1.0.3, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: OSV:GHSA-QXXC-7MQ4-MF79...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c3.11 (>=2.7.0 <=2.8.0), com.ibm.fhir:fhir-term-graph (>=4.9.2 <=4.10.2) +64 more potentially affected by CVE-2021-44521 via org.apache.cassandra:cassandra-all (>=3.11.0 <=3.11.11)

org.apache.cassandra:cassandra-all MAVEN version =3.11.0, =2.7.0, =4.9.2, =4.10.0, =3.11, =3.11, =3.11, =0.3.3, =0.4.0, =0.10.0, =3.11.0.0, =2.3, =5.3.0, =6.1.0 and more Source cves: CVE-2021-44521 Source advisory: OSV:GHSA-8FFC-79XG-29W8...

com.impetus.kundera.client:kundera-cassandra (>=3.11 <=3.13), com.impetus.kundera.client:kundera-cassandra-ds-driver (>=3.11 <=3.13) +26 more potentially affected by CVE-2020-17516 via org.apache.cassandra:cassandra-all (>=3.11.0 <=3.11.1)

org.apache.cassandra:cassandra-all MAVEN version =3.11.0, =3.11, =3.11, =3.11, =0.3.3, =0.4.0, =3.11.0.0, =2.3, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.1 and more Source cves: CVE-2020-17516 Source advisory: OSV:GHSA-2VXM-VP4C-FJFW...

Android Also Gives Google Remote App Installation Power

The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on user...