2.3
CVE-2025-2153 - HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rβ¦
9.3
CVE-2025-1497 - Remote Code Execution in PlotAI
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting tβ¦
5.3
CVE-2025-2152 - Open Asset Import Library Assimp File BaseImporter.cpp ConvertToUTF8 heap-based overflow
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attaβ¦
5.3
CVE-2025-2151 - Open Asset Import Library Assimp File ParsingUtils.h GetNextLine stack-based overflow
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remβ¦
2
CVE-2025-2149 - PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locβ¦
2.3
CVE-2025-2148 - PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be laβ¦
0.0
CVE-2025-2156 -
Red Hat Product Security has come to the conclusion that this CVE is not needed.
5.3
CVE-2025-1945 - picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfβ¦
5.3
CVE-2025-1944 - picklescan ZIP archive manipulation attack leads to crash
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan rβ¦
6.9
CVE-2025-2147 - Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System fileβ¦
A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessible. It is possible to launch the attack remβ¦