Seguridad de la Información

Alertas de Seguridad de la Información

Vulnerabilidades explotadas activamente, incidentes y análisis relevantes para México y LATAM. Actualizado automáticamente desde fuentes oficiales.

48 vulnerabilidades en CISA KEV — explotación activa confirmada Ver todas →

Última alerta publicada hace 2 días

406

Total alertas

79

Críticas

201

Altas

8

Ransomware

25

Esta semana

RSS

Alta × nvd × Limpiar todo ×

C Alto vulnerabilidad

[CVE-2026-38950] An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted mode…

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

C Alto vulnerabilidad

[CVE-2026-46175] In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency ca…

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync root@vm:/mnt/f2fs# rm -f 1 root@vm:/mnt/f2fs# sync…

C Alto vulnerabilidad

[CVE-2026-31221] PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-…

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbi…

C Alto vulnerabilidad

[CVE-2026-31222] The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the…

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exp…

C Alto vulnerabilidad

[CVE-2026-31253] The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13…

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading code in eval.py use torch.load() without enabling the security-restrictive weights_only=True parameter. This allows the de…

C Alto vulnerabilidad

[CVE-2026-31250] CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure des…

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via …