Lucene search
+L

402 matches found

redhatcve
redhatcve
added 2025/12/16 12:26 a.m.7 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8CVSS8.7AI score0.00629EPSS
Exploits1References1
euvd
euvd
added 2025/12/15 9:30 p.m.5 views

EUVD-2025-203406

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8CVSS8.2AI score0.00629EPSS
Exploits1References2
osv
osv
added 2025/12/15 7:16 p.m.5 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8CVSS6.7AI score0.00629EPSS
Exploits1References1
cve
cve
added 2025/12/15 12:0 a.m.26 views

CVE-2025-65213

MooreThreads torch_musa is affected. The vulnerability resides in the function compare_for_single_op() / nan_inf_track_for_single_op() in torch_musa.utils.compare_tool , which uses pickle.load() on user-controlled file paths without validation, enabling remote code execution with the victim proce...

9.8CVSS8.4AI score0.00629EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/12/15 12:0 a.m.11 views

PT-2025-51275

Name of the Vulnerable Software and Affected Versions MooreThreads torch musa affected versions not specified Description MooreThreads torch musa contains an unsafe deserialization issue within the torch musa.utils.compare tool module. The compare for single op and nan inf track for single op...

9.8CVSS7.9AI score0.00629EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

8.4AI score0.00629EPSS
Exploits1References1
cvelist
cvelist
added 2025/12/15 12:0 a.m.23 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

0.00629EPSS
Exploits1References1
veracode
veracode
added 2025/11/26 2:27 p.m.6 views

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weightsonly=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

8.2AI score
Exploits0
redhatcve
redhatcve
added 2025/11/25 7:7 a.m.6 views

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bound...

8.8CVSS8AI score0.00849EPSS
Exploits0References6
cve
cve
added 2025/11/21 1:18 a.m.47 views

CVE-2025-62164

The CVE affects vLLM (inference/serving engine) before 0.11.1, where the Completions API loads user-supplied prompt embeddings with torch.load() lacking proper validation. A PyTorch 2.8.0 change disables sparse-tensor invariants checks, allowing crafted tensors to bypass bounds checks and trigger...

8.8CVSS7.8AI score0.00849EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/20 8:59 p.m.12 views

vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS8.3AI score0.00849EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/11/20 8:59 p.m.3 views

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS6.5AI score0.00849EPSS
Exploits0References5
snyk
snyk
added 2025/11/12 9:43 p.m.3 views

Denial of Service (DoS)

Amendment This was deemed not a vulnerability. Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Denial of Service DoS due to the omission of calling profiler.stop during the finalization process. An...

8.7CVSS6.7AI score0.00121EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2025/11/12 9:15 p.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25613 more potentially affected by CVE-2025-63396 via torch (>=1.0.0 <=2.7.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-63396 Source advisory: OSV:PYSEC-2025-210...

3.3CVSS6AI score0.00121EPSS
Exploits1
pypa
pypa
added 2025/11/12 9:15 p.m.10 views

PYSEC-2025-210

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS...

3.3CVSS6.1AI score0.00121EPSS
Exploits1References4Affected Software1
github
github
added 2025/10/17 6:31 p.m.9 views

Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.4AI score0.00699EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2025/10/17 3:46 p.m.2 views

Deserialization of Untrusted Data

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the fromconfig method that uses Python’s pickle module as a fall back when weightsonly=False. An attacker can execute arbitrary code ...

9.8CVSS7.9AI score0.00699EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/10/17 12:0 a.m.5 views

PT-2025-42617

Name of the Vulnerable Software and Affected Versions Keras versions 3.11.0 through 3.11.2 Description The Keras framework is susceptible to a critical security issue stemming from unsafe deserialization of untrusted data. Specifically, when loading Keras files containing a maliciously crafted...

9.8CVSS7.2AI score0.00699EPSS
Exploits0References33
github
github
added 2025/10/09 2:22 p.m.6 views

scio is vunerable to Remote Command Execution through PyTorch

Impact PyTorch reported a critical vulnerability when using torch.load, even with option weightsonly=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...

6.9AI score
Exploits0References3Affected Software1
osv
osv
added 2025/10/09 2:22 p.m.4 views

GHSA-M9MP-6X32-5RHG scio is vunerable to Remote Command Execution through PyTorch

Impact PyTorch reported a critical vulnerability when using torch.load, even with option weightsonly=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...

9.3CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder