Lucene search
K

200 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-0192

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00694EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27461

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00376EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.5 views

PT-2026-5024

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.10.0 Description PyTorch, a Python package for tensor computation, has an issue in its weights only unpickler. An attacker can create a malicious checkpoint file .pth that, when loaded using torch.load..., weights...

10CVSS6.7AI score0.00695EPSS
Exploits1References36
RedhatCVE
RedhatCVE
added 2025/09/11 12:16 a.m.14 views

CVE-2025-58756

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

8.8CVSS7.3AI score0.00684EPSS
Exploits1References1
OSV
OSV
added 2025/09/09 9:30 p.m.2 views

GHSA-9W53-XR52-MWGJ SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.3CVSS6.8AI score0.00376EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/09 9:30 p.m.11 views

SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS7.4AI score0.00376EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/09/09 9:19 p.m.4 views

Deserialization of Untrusted Data

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the bundle/scripts.py file, which uses torch.load with weightsonly=True parameter. An attacker can execute arbitrary commands by...

8.8CVSS7.4AI score0.00684EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/09 7:44 p.m.4 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the main function in the /updateweightsfromtensor process in...

7.5CVSS7.7AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2025/09/09 7:15 p.m.4 views

CVE-2025-10164

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS0.00376EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 6:32 p.m.35 views

CVE-2025-10164

CVE-2025-10164 affects lmsys sglang 0.4.6. The vulnerability is in the main function of the file /update_weights_from_tensor, where manipulation of the serialized_named_tensors input enables deserialization, allowing remote exploitation. Public exploits exist and the vendor was unresponsive. Publ...

7.5CVSS6.5AI score0.00376EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.5 views

LMSYS SGLang 代码问题漏洞

LMSYS SGLang is a large language model inference engine from LMSYS open source. A code issue vulnerability exists in LMSYS SGLang version 0.4.6, which stems from a misbehavior of the parameter serializednamedtensors of the function main in the file /updateweightsfromtensor resulting in...

7.5CVSS7.4AI score0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.17 views

PT-2025-36911

Name of the Vulnerable Software and Affected Versions lmsys sglang version 0.4.6 Description A security flaw exists in lmsys sglang version 0.4.6. The issue involves the main function within the /update weights from tensor file, which is susceptible to deserialization due to manipulation of the...

7.5CVSS7.2AI score0.00376EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-32434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In...

9.8CVSS8.4AI score0.01917EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/07/28 12:0 a.m.4 views

A Novel Post-Quantum Secure Digital Signature Scheme Based on Neural Network

Digital signatures are fundamental cryptographic primitives that ensure the authenticity and integrity of digital documents. In the post-quantum era, classical public key-based signature schemes become vulnerable to brute-force and key-recovery attacks due to the computational power of quantum...

6.9AI score
Exploits0
Huntr
Huntr
added 2025/07/03 12:4 p.m.8 views

Dependacy chain attack through hijacking broken github repository at https://github.com/huggingface/transformers/blob/main/src/\ntransformers/models/fuyu/\nconvert_fuyu_model_weights_to_hf.py

Description Type: Dependency Chain Attack through hijacking broken github repository Risk: High Allows arbitrary code execution in model conversion workflows Affected Asset: https://github.com/adept-ai-labs/adept-inference Broken URL in Hugging Face Transformers Root Cause The Hugging Face...

6.5AI score
Exploits0
OSV
OSV
added 2025/06/27 3:27 p.m.6 views

GHSA-XJ56-P8MM-QMXJ LLaMA-Factory allows Code Injection through improper vhead_file safeguards

Summary A critical remote code execution vulnerability was discovered during the Llama Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passi...

8.3CVSS6.7AI score0.0103EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.5 views

ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks

Bit-flip attacks BFAs represent a serious threat to Deep Neural Networks DNNs, where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.4 views

Differentially Private Distribution Release of Gaussian Mixture Models Via KL-Divergence Minimization

Gaussian Mixture Models GMMs are widely used statistical models for representing multi-modal data distributions, with numerous applications in data mining, pattern recognition, data simulation, and machine learning. However, recent research has shown that releasing GMM parameters poses significan...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.5 views

CVE-2023-25675

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1...

7.5CVSS6.8AI score0.00391EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/08 12:0 a.m.5 views

A Weighted Byzantine Fault Tolerance Consensus Driven Trusted Multiple Large Language Models Network

Large Language Models LLMs have achieved remarkable success across a wide range of applications. However, individual LLMs often produce inconsistent, biased, or hallucinated outputs due to limitations in their training corpora and model architectures. Recently, collaborative frameworks such as th...

7AI score
Exploits0
Rows per page
Query Builder