Tag
high
advisory
Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders
2 rules, 2 TTPs
Stanza, an NLP library, is vulnerable to remote code execution (CVE-2026-54499) because of an unsafe fallback mechanism used when loading PyTorch model files. An attacker who can place a malicious pretrain or model file can achieve arbitrary code execution on systems processing NLP pipelines, leading to credential theft, backdoors, data exfiltration, and lateral movement.
Stanza +1
deserialization
rce
python
pytorch
machine-learning
supply-chain
cwe-502
nlp
high
advisory
vllm and PyTorch Vulnerability Allows DoS and Potential Remote Code Execution
2 rules, 2 TTPs
A remote, authenticated attacker can exploit a vulnerability in vllm and PyTorch to cause a denial-of-service condition or potentially achieve remote code execution.
vllm
denial-of-service
remote-code-execution
PyTorch