CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23306
https://notcve.org/view.php?id=CVE-2025-23306
13 Aug 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providin... • https://nvd.nist.gov/vuln/detail/CVE-2025-23306 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23305
https://notcve.org/view.php?id=CVE-2025-23305
13 Aug 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23305 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23295
https://notcve.org/view.php?id=CVE-2025-23295
13 Aug 2025 — NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23295 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23304
https://notcve.org/view.php?id=CVE-2025-23304
13 Aug 2025 — NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23304 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23303
https://notcve.org/view.php?id=CVE-2025-23303
13 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23303 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23335
https://notcve.org/view.php?id=CVE-2025-23335
06 Aug 2025 — NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service. NVIDIA Triton Inference Server para Windows y Linux, así como el backend de Tensor RT, presentan una vulnerabilidad que permite a un atacante causar un subdesbordamiento mediante una configuración de modelo específica y una entrada es... • https://nvd.nist.gov/vuln/detail/CVE-2025-23335 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23334
https://notcve.org/view.php?id=CVE-2025-23334
06 Aug 2025 — NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure. NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad en el backend de Python, donde un atacante podría provocar una lectura fuera de los límites al enviar una solicitud. Explotar esta vulnerabilidad podría resultar en la divulgac... • https://nvd.nist.gov/vuln/detail/CVE-2025-23334 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23333 – NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-23333
06 Aug 2025 — NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure. NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad en el backend de Python, donde un atacante podría provocar una lectura fuera de los límites al manipular datos de memoria compartida. Explotar esta vulnerabilidad... • https://nvd.nist.gov/vuln/detail/CVE-2025-23333 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23331
https://notcve.org/view.php?id=CVE-2025-23331
06 Aug 2025 — NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad que permite a un usuario asignar memoria con un tamaño excesivo, lo que provoca un fallo de segmentación, al proporcionar una solicitud no v... • https://nvd.nist.gov/vuln/detail/CVE-2025-23331 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23327
https://notcve.org/view.php?id=CVE-2025-23327
06 Aug 2025 — NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering. NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad que permite a un atacante causar un desbordamiento de enteros mediante entradas especialmente manipuladas. Una explotación exitosa de esta vulnerabilidad podría provocar una d... • https://nvd.nist.gov/vuln/detail/CVE-2025-23327 • CWE-190: Integer Overflow or Wraparound •