Lucene search
+L

402 matches found

attackerkb
attackerkb
added 2026/05/11 12:0 a.m.5 views

CVE-2026-31251

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...

6.1AI score0.00218EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.11 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability stems from the averagemodel.py model averaging tool, which loads checkpoint files using torch.load without enabling the weights-only=True...

7.3CVSS6.2AI score0.00222EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.24 views

PT-2026-39634

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its make parquet list.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load withou...

6.1AI score0.0021EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/11 12:0 a.m.10 views

CVE-2026-31251

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...

6.1AI score0.00218EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/11 12:0 a.m.7 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

6.1AI score0.00112EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

6.1AI score0.00112EPSS
Exploits0References2
cve
cve
added 2026/05/11 12:0 a.m.21 views

CVE-2026-31252

CosyVoice Web UI vulnerability (CVE-2026-31252) arises from insecure deserialization (CWE-502) in the model loading component. The framework loads model weight files (e.g., llm.pt, flow.pt, hift.pt) with torch.load() without enabling weights_only=True, permitting arbitrary Python object deseriali...

5.7CVSS6.1AI score0.00112EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

6.1AI score0.0021EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.11 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice. This vulnerability stemmed from the model loading component using torch.load to load model weight files without enabling th...

5.7CVSS6.2AI score0.00112EPSS
Exploits0References2
cve
cve
added 2026/05/11 12:0 a.m.15 views

CVE-2026-31251

CVE-2026-31251 affects CosyVoice’s gRPC server component. During startup, the server loads the speech synthesis model from a user-specified directory via torch.load() without enabling the weights_only=True security parameter, enabling the pickle-based deserialization of arbitrary Python objects. ...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/11 12:0 a.m.8 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

6.1AI score0.00218EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.19 views

PT-2026-39635

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its average model.py model averaging tool. The script loads PyTorch checkpoint files epoch .pt for model averaging using torch.load without enabling the weights...

6.1AI score0.00222EPSS
Exploits0References3
cve
cve
added 2026/05/11 12:0 a.m.29 views

CVE-2026-31253

The CVE-2026-31253 entry concerns the flash-attention training framework. A deserialization flaw exists in the checkpoint loading path (checkpoint.py load_checkpoint and eval.py) where torch.load() is used without weights_only=True, enabling pickle-based object deserialization. This can allow an ...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.12 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice, which stemmed from the data processing tool makeparquetlist.py using torch.load to load .pt files without enabling the...

7.3CVSS6.2AI score0.0021EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/28 8:18 p.m.2 views

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

9.8CVSS5.4AI score0.00573EPSS
Exploits0
osv
osv
added 2026/04/07 6:30 a.m.22 views

GHSA-69W3-R845-3855 HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS6.2AI score0.00349EPSS
Exploits1References5
cvelist
cvelist
added 2026/04/07 5:22 a.m.29 views

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS0.00349EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/04/07 5:22 a.m.6 views

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS7AI score0.00349EPSS
Exploits1References2
cve
cve
added 2026/04/07 5:22 a.m.63 views

CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

7.8CVSS7AI score0.00349EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/04/07 5:22 a.m.3 views

CVE-2026-1839

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS7AI score0.00349EPSS
Exploits1References3
Rows per page
Query Builder