Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31221 | UNKNOWN | — | PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load … | May 12, 2026 |
| CVE-2026-31220 | UNKNOWN | — | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows … | May 12, 2026 |
| CVE-2026-31219 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides … | May 12, 2026 |
| CVE-2026-31218 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model … | May 12, 2026 |
| CVE-2026-31217 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory … | May 12, 2026 |
| CVE-2026-31216 | UNKNOWN | — | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, … | May 12, 2026 |
| CVE-2026-31215 | UNKNOWN | — | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and … | May 12, 2026 |
| CVE-2026-31214 | UNKNOWN | — | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint … | May 12, 2026 |
| CVE-2026-30810 | UNKNOWN | — | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |
| CVE-2026-30808 | UNKNOWN | — | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |
| CVE-2026-30807 | UNKNOWN | — | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |
| CVE-2026-30805 | UNKNOWN | — | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |
| CVE-2023-30059 | UNKNOWN | — | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter … | May 12, 2026 |
| CVE-2023-27753 | UNKNOWN | — | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | May 12, 2026 |
| CVE-2026-8401 | UNKNOWN | — | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. | May 12, 2026 |
| CVE-2026-8368 | UNKNOWN | — | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and … | May 12, 2026 |
| CVE-2026-8111 | HIGH | 8.8 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | May 12, 2026 |
| CVE-2026-8110 | HIGH | 7.8 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | May 12, 2026 |
| CVE-2026-8109 | MEDIUM | 6.5 | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | May 12, 2026 |
| CVE-2026-8051 | HIGH | 7.2 | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | May 12, 2026 |
| CVE-2026-8043 | CRITICAL | 9.6 | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML … | May 12, 2026 |
| CVE-2026-7432 | HIGH | 7.8 | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM | May 12, 2026 |
| CVE-2026-7431 | MEDIUM | 4.4 | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log … | May 12, 2026 |
| CVE-2026-6866 | UNKNOWN | — | CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings … | May 12, 2026 |
| CVE-2026-5061 | MEDIUM | 4.7 | The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. … | May 12, 2026 |