| 1371 | 9.8 | CRITICAL, Network | - | - | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the un… | CWE-88 (Argument Injection) | CVE-2026-31230 | 2026-05-14 01:16 | 2026-05-13 |
| 1372 | 9.8 | CRITICAL, Network | - | - | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights f… | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-31229 | 2026-05-14 01:16 | 2026-05-13 |
| 1373 | - | | - | - | Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review … | CWE-863 (Incorrect Authorization) | CVE-2026-2725 | 2026-05-14 01:16 | 2026-05-13 |
| 1374 | 9.8 | CRITICAL, Network | - | - | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | CWE-94 (Code Injection) | CVE-2025-65719 | 2026-05-14 01:16 | 2026-05-13 |
| 1375 | - | | - | - | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvide… | CWE-285 (Improper Authorization), CWE-668 (Exposure of Resource to Wrong Sphere) | CVE-2026-42875 | 2026-05-14 01:11 | 2026-05-12 |
| 1376 | 4.9 | MEDIUM, Network | - | - | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSec… | CWE-285 (Improper Authorization) | CVE-2026-42876 | 2026-05-14 01:11 | 2026-05-12 |
| 1377 | 6.5 | MEDIUM, Network | open5gs | open5gs | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | CWE-404 (Improper Resource Shutdown or Release) | CVE-2026-8290 | 2026-05-14 01:11 | 2026-05-11 |
| 1378 | 6.5 | MEDIUM, Network | open5gs | open5gs | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | CWE-404 (Improper Resource Shutdown or Release) | CVE-2026-8267 | 2026-05-14 01:10 | 2026-05-11 |
| 1379 | - | | - | - | Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted app… | CWE-601 (Open Redirect) | CVE-2026-41513 | 2026-05-14 01:10 | 2026-05-13 |
| 1380 | 7.5 | HIGH, Network | - | - | Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoc… | CWE-20 (Improper Input Validation), CWE-248 (Uncaught Exception), CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-42544 | 2026-05-14 01:10 | 2026-05-13 |