CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20322 | Critical: 1466 | High: 6160 | Medium: 6453

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12252 | HIGH | 7.8 | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes … | Jul 04, 2026 |
| CVE-2025-71380 | HIGH | 8.8 | The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or … | Jul 04, 2026 |
| CVE-2025-71375 | HIGH | 8.1 | picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller … | Jul 04, 2026 |
| CVE-2025-71373 | HIGH | 8.1 | picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads … | Jul 04, 2026 |
| CVE-2025-71372 | HIGH | 8.1 | Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute … | Jul 04, 2026 |
| CVE-2025-71369 | HIGH | 8.1 | picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed … | Jul 04, 2026 |
| CVE-2025-71367 | HIGH | 8.1 | picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files … | Jul 04, 2026 |
| CVE-2025-71366 | HIGH | 8.1 | picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code … | Jul 04, 2026 |
| CVE-2025-71364 | HIGH | 8.1 | picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this … | Jul 04, 2026 |
| CVE-2025-71362 | HIGH | 8.1 | picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that … | Jul 04, 2026 |
| CVE-2025-71360 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes … | Jul 04, 2026 |
| CVE-2025-71359 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files … | Jul 04, 2026 |
| CVE-2025-71356 | HIGH | 8.1 | picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code … | Jul 04, 2026 |
| CVE-2025-71353 | HIGH | 8.1 | picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that … | Jul 04, 2026 |
| CVE-2025-71347 | HIGH | 8.1 | picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed … | Jul 04, 2026 |
| CVE-2025-71345 | HIGH | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, … | Jul 04, 2026 |
| CVE-2025-71343 | HIGH | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded … | Jul 04, 2026 |
| CVE-2025-71342 | HIGH | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during … | Jul 04, 2026 |
| CVE-2026-54424 | HIGH | 8.4 | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through … | Jul 04, 2026 |
| CVE-2026-58523 | MEDIUM | 6.5 | Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. | Jul 03, 2026 |
| CVE-2026-14617 | LOW | 3.1 | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming … | Jul 03, 2026 |
| CVE-2026-58597 | MEDIUM | 4.3 | Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |
| CVE-2026-58524 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |
| CVE-2026-58522 | MEDIUM | 6.8 | Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Jul 03, 2026 |
| CVE-2026-58426 | CRITICAL | 9.6 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | Jul 03, 2026 |