Search
6,905 CVEs
CVEs (6,905, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44183 | CRITICAL | Patched | 9.8 | 2026-05-12 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNe… |
| CVE-2026-41096 | CRITICAL | Patched | 9.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41089 | CRITICAL | Patched | 9.8 | 2026-05-12 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
| CVE-2026-31237 | CRITICAL | 9.8 | 2026-05-12 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict()… | |
| CVE-2026-31238 | CRITICAL | 9.8 | 2026-05-12 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve comm… | |
| CVE-2026-31239 | CRITICAL | 9.8 | 2026-05-12 | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel… | |
| CVE-2026-31229 | CRITICAL | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. W… | |
| CVE-2026-31230 | CRITICAL | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.… | |
| CVE-2026-31231 | CRITICAL | 9.8 | 2026-05-12 | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python… | |
| CVE-2026-31233 | CRITICAL | 9.8 | 2026-05-12 | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub i… | |
| CVE-2026-31234 | CRITICAL | 9.8 | 2026-05-12 | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordin… | |
| CVE-2026-31235 | CRITICAL | 9.8 | 2026-05-12 | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pi… | |
| CVE-2026-31236 | CRITICAL | 9.8 | 2026-05-12 | The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide… | |
| CVE-2026-26083 | CRITICAL | Patched | 9.8 | 2026-05-12 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox P… |
| CVE-2026-43992 | CRITICAL | Patched | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm,… |
| CVE-2025-65719 | CRITICAL | 9.8 | 2026-05-12 | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |
| CVE-2026-41293 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t… |
| CVE-2026-43512 | CRITICAL | Patched | 9.8 | 2026-05-12 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10… |
| CVE-2026-31226 | CRITICAL | 9.8 | 2026-05-12 | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operati… | |
| CVE-2026-31228 | CRITICAL | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorc… | |
| CVE-2026-34187 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 77… |
| CVE-2026-31214 | CRITICAL | 9.8 | 2026-05-12 | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vul… | |
| CVE-2026-31217 | CRITICAL | 9.8 | 2026-05-12 | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary c… | |
| CVE-2026-31220 | CRITICAL | 9.8 | 2026-05-12 | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The s… | |
| CVE-2026-8401 | CRITICAL | Patched | 9.8 | 2026-05-12 | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |