Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31241 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory … | May 12, 2026 |
| CVE-2026-31240 | UNKNOWN | — | The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are … | May 12, 2026 |
| CVE-2026-31239 | UNKNOWN | — | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() … | May 12, 2026 |
| CVE-2026-31238 | UNKNOWN | — | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve … | May 12, 2026 |
| CVE-2026-31237 | UNKNOWN | — | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the … | May 12, 2026 |
| CVE-2026-31236 | UNKNOWN | — | The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to … | May 12, 2026 |
| CVE-2026-31235 | UNKNOWN | — | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to … | May 12, 2026 |
| CVE-2026-31234 | UNKNOWN | — | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication … | May 12, 2026 |
| CVE-2026-31233 | UNKNOWN | — | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the … | May 12, 2026 |
| CVE-2026-31232 | UNKNOWN | — | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a … | May 12, 2026 |
| CVE-2026-31231 | UNKNOWN | — | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python … | May 12, 2026 |
| CVE-2026-31230 | CRITICAL | 9.8 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function … | May 12, 2026 |
| CVE-2026-31229 | CRITICAL | 9.8 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from … | May 12, 2026 |
| CVE-2026-29204 | CRITICAL | 9.1 | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized … | May 12, 2026 |
| CVE-2026-26083 | CRITICAL | 9.8 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox … | May 12, 2026 |
| CVE-2026-25690 | MEDIUM | 4.3 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through … | May 12, 2026 |
| CVE-2026-25088 | MEDIUM | 5.4 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR … | May 12, 2026 |
| CVE-2026-21530 | MEDIUM | 6.7 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-20767 | UNKNOWN | — | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. … | May 12, 2026 |
| CVE-2026-20714 | UNKNOWN | — | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged … | May 12, 2026 |
| CVE-2025-67604 | MEDIUM | 5.3 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, … | May 12, 2026 |
| CVE-2025-53870 | MEDIUM | 6.7 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, … | May 12, 2026 |
| CVE-2025-53844 | HIGH | 8.8 | An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or … | May 12, 2026 |
| CVE-2025-53681 | HIGH | 7.2 | An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through … | May 12, 2026 |
| CVE-2025-53680 | MEDIUM | 6.7 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 … | May 12, 2026 |