CVE-2026-33626
- EPSS 0.03%
- Veröffentlicht 20.04.2026 20:29:19
- Zuletzt bearbeitet 21.04.2026 20:16:56
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/ut...
CVE-2025-67729
- EPSS 0.07%
- Veröffentlicht 26.12.2025 21:54:10
- Zuletzt bearbeitet 31.12.2025 21:31:22
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoi...
CVE-2025-3163
- EPSS 0.11%
- Veröffentlicht 03.04.2025 16:15:37
- Zuletzt bearbeitet 23.04.2025 15:31:12
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch...
CVE-2025-3162
- EPSS 0.13%
- Veröffentlicht 03.04.2025 15:15:53
- Zuletzt bearbeitet 23.04.2025 22:29:10
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to dese...