Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10557
Total
721
Critical
3059
High
3365
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-27723 | UNKNOWN | — | Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial … | May 12, 2026 |
| CVE-2026-43515 | UNKNOWN | — | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 … | May 12, 2026 |
| CVE-2026-43514 | UNKNOWN | — | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from … | May 12, 2026 |
| CVE-2026-43513 | UNKNOWN | — | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from … | May 12, 2026 |
| CVE-2026-43512 | UNKNOWN | — | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from … | May 12, 2026 |
| CVE-2026-42498 | UNKNOWN | — | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from … | May 12, 2026 |
| CVE-2026-41293 | UNKNOWN | — | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from … | May 12, 2026 |
| CVE-2026-41284 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from … | May 12, 2026 |
| CVE-2026-34187 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 … | May 12, 2026 |
| CVE-2026-31228 | UNKNOWN | — | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses … | May 12, 2026 |
| CVE-2026-31226 | UNKNOWN | — | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the … | May 12, 2026 |
| CVE-2026-31225 | UNKNOWN | — | The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe … | May 12, 2026 |
| CVE-2026-31224 | UNKNOWN | — | The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files … | May 12, 2026 |
| CVE-2026-31223 | UNKNOWN | — | The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler … | May 12, 2026 |
| CVE-2026-31222 | UNKNOWN | — | The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files … | May 12, 2026 |
| CVE-2026-31221 | UNKNOWN | — | PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load … | May 12, 2026 |
| CVE-2026-31220 | UNKNOWN | — | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows … | May 12, 2026 |
| CVE-2026-31219 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides … | May 12, 2026 |
| CVE-2026-31218 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model … | May 12, 2026 |
| CVE-2026-31217 | UNKNOWN | — | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory … | May 12, 2026 |
| CVE-2026-31216 | UNKNOWN | — | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, … | May 12, 2026 |
| CVE-2026-31215 | UNKNOWN | — | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and … | May 12, 2026 |
| CVE-2026-31214 | UNKNOWN | — | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint … | May 12, 2026 |
| CVE-2026-30810 | UNKNOWN | — | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |
| CVE-2026-30808 | UNKNOWN | — | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | May 12, 2026 |