Lucene search
+L

13 matches found

euvd
euvd
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40004

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8
nvd
nvd
added 2026/06/28 10:16 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/28 9:30 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2026/06/28 9:30 p.m.36 views

CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
cve
cve
added 2026/06/28 9:30 p.m.16 views

CVE-2026-13507

Summary (CVE-2026-13507) Volcengine OpenViking up to 0.3.21 is affected in the Local VectorDB Primary-key Label Handler, specifically the str_to_uint64 function in openviking/storage/vectordb/utils/str_to_uint64.py. The issue arises from manipulating the argument ID, causing insufficient verifica...

5CVSS5.5AI score0.00138EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-25170

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00462EPSS
Exploits1References5
nvd
nvd
added 2025/08/19 2:15 p.m.9 views

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

6.5CVSS0.00462EPSS
Exploits1References5
osv
osv
added 2025/08/19 2:15 p.m.6 views

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

6.5CVSS6.4AI score0.00462EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/08/19 12:0 a.m.7 views

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

8.1AI score0.00462EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/08/19 12:0 a.m.6 views

Volcengine verl 安全漏洞

Volcengine verl is a large language modeling library open-sourced by Volcengine. A security vulnerability exists in Volcengine verl version 3.0.0 that stems from improper deserialization and could lead to arbitrary code execution...

6.5CVSS7.7AI score0.00462EPSS
Exploits1References5
cvelist
cvelist
added 2025/08/19 12:0 a.m.17 views

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

0.00462EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2025/08/19 12:0 a.m.14 views

PT-2025-33729 · Volcengine · Volcengine Verl

Name of the Vulnerable Software and Affected Versions: Volcengine versions 3.0.0 Description: A deserialization vulnerability exists in Volcengine's scripts/model merger.py script when using the "fsdp" backend. The script calls torch.load with weights only=False on user-supplied .pt files, allowi...

6.5CVSS8.2AI score0.00462EPSS
Exploits1References9
cve
cve
added 2025/08/19 12:0 a.m.22 views

CVE-2025-50461

CVE-2025-50461 describes a deserialization vulnerability in Volcengine Verl 3.0.0, specifically in scripts/model_merger.py when using the "fsdp" backend. The code calls torch.load() with weights_only=False on user-supplied .pt files, enabling arbitrary code execution if a malicious model file is ...

6.5CVSS7.5AI score0.00462EPSS
Exploits1References5
Rows per page
Query Builder