Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10557 · Critical: 721 · High: 3059 · Medium: 3365
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31231 | UNKNOWN | — | Cognee through v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python … | May 12, 2026 |
| CVE-2026-31230 | CRITICAL | 9.8 | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function … | May 12, 2026 |
| CVE-2026-31229 | CRITICAL | 9.8 | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from … | May 12, 2026 |
| CVE-2026-29204 | CRITICAL | 9.1 | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized … | May 12, 2026 |
| CVE-2026-26083 | CRITICAL | 9.8 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox … | May 12, 2026 |
| CVE-2026-25690 | MEDIUM | 4.3 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through … | May 12, 2026 |
| CVE-2026-25088 | MEDIUM | 5.4 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR … | May 12, 2026 |
| CVE-2026-21530 | MEDIUM | 6.7 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-20767 | UNKNOWN | — | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. … | May 12, 2026 |
| CVE-2026-20714 | UNKNOWN | — | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged … | May 12, 2026 |
| CVE-2025-67604 | MEDIUM | 5.3 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, … | May 12, 2026 |
| CVE-2025-53870 | MEDIUM | 6.7 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, … | May 12, 2026 |
| CVE-2025-53844 | HIGH | 8.8 | An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or … | May 12, 2026 |
| CVE-2025-53681 | HIGH | 7.2 | An improper neutralization of special elements used in an SQL command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through … | May 12, 2026 |
| CVE-2025-53680 | MEDIUM | 6.7 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 … | May 12, 2026 |
| CVE-2025-46311 | HIGH | 7.5 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS … | May 12, 2026 |
| CVE-2025-43524 | HIGH | 8.8 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app … | May 12, 2026 |
| CVE-2026-8407 | MEDIUM | 4.3 | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret … | May 12, 2026 |
| CVE-2026-8278 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: … | May 12, 2026 |
| CVE-2026-5089 | UNKNOWN | — | YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 … | May 12, 2026 |
| CVE-2026-43993 | HIGH | 8.2 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, … | May 12, 2026 |
| CVE-2026-43992 | CRITICAL | 9.8 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: … | May 12, 2026 |
| CVE-2026-43991 | HIGH | 8.4 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument … | May 12, 2026 |
| CVE-2026-43990 | HIGH | 8.4 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' … | May 12, 2026 |
| CVE-2026-43989 | HIGH | 8.5 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and … | May 12, 2026 |