Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10557 | Critical: 721 | High: 3059 | Medium: 3365
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33821 | HIGH | 7.7 | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-33117 | CRITICAL | 9.1 | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-33112 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-33110 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-32209 | MEDIUM | 4.4 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-32204 | HIGH | 7.8 | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32185 | MEDIUM | 5.5 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-32177 | HIGH | 7.3 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32175 | MEDIUM | 4.3 | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories … | May 12, 2026 |
| CVE-2026-32170 | MEDIUM | 6.7 | Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32161 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an … | May 12, 2026 |
| CVE-2026-31245 | MEDIUM | 5.3 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary … | May 12, 2026 |
| CVE-2026-31244 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary … | May 12, 2026 |
| CVE-2026-31243 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated … | May 12, 2026 |
| CVE-2026-31242 | CRITICAL | 9.1 | The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send … | May 12, 2026 |
| CVE-2026-31241 | MEDIUM | 6.5 | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory … | May 12, 2026 |
| CVE-2026-31240 | UNKNOWN | — | The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are … | May 12, 2026 |
| CVE-2026-31239 | UNKNOWN | — | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() … | May 12, 2026 |
| CVE-2026-31238 | UNKNOWN | — | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve … | May 12, 2026 |
| CVE-2026-31237 | UNKNOWN | — | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the … | May 12, 2026 |
| CVE-2026-31236 | UNKNOWN | — | The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to … | May 12, 2026 |
| CVE-2026-31235 | UNKNOWN | — | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to … | May 12, 2026 |
| CVE-2026-31234 | UNKNOWN | — | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication … | May 12, 2026 |
| CVE-2026-31233 | UNKNOWN | — | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the … | May 12, 2026 |
| CVE-2026-31232 | UNKNOWN | — | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a … | May 12, 2026 |