CVE-2025-24747
Published 2025-01-27
CVE-2025-24747: Missing Authorization vulnerability in favethemes Houzez houzez. This issue affects Houzez: from n/a through <= 3.4.0.
Priority: P428, medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.26% (17.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| favethemes | houzez | <= 3.4.0 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-24747 python-torch: PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files [fedora-42]
bugzilla·2026-01-28·CVSS 9.3
CVE-2026-24747 [CRITICAL] CVE-2026-24747 python-torch: PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This is sadly distinct from CVE-2025-32434. Moreover, any vulns in weights_only=True are real security issues for our users - it's supposed to be a safe function.
---
Unfortunately, both the commit and bug number provided in the NVD for this vuln seem unrelated.
Luckily, I was able to find the patch:
https://github.com/pytorch/pytorch/commit/0e2459f08fc5329979e6ad986014278f2a87618c
---
This message is a reminder that Fedora Linux 42 is
Bugzilla
CVE-2026-24747 pytorch: PyTorch: Arbitrary code execution via malicious checkpoint file loading
bugzilla·2026-01-27·CVSS 9.3
CVE-2026-24747 [CRITICAL] CVE-2026-24747 pytorch: PyTorch: Arbitrary code execution via malicious checkpoint file loading
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
Discussion:
The CVE listing seems to have a patch attached, but I honestly can't tell if it fixes the CVE or not; it seems unrelated.
---
This is sadly distinct from CVE-2025-32434. Moreover, any vulns in weights_only=True are real security issues for our users - it's supposed to be a safe function.
---
This appears to hit F42