| 161 | 9.8 | CRITICAL / Network | nvidia | nvflare | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A succ… | Update | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-24178 | 2026-05-4 23:34 | 2026-04-29 |
| 162 | 8.8 | HIGH / Network | nvidia | nvflare | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerabil… | Update | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-24186 | 2026-05-4 23:33 | 2026-04-29 |
| 163 | 6.5 | MEDIUM / Network | nvidia | nvflare | NVIDIA Flare SDK contains a vulnerability where an attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure. | Update | CWE-20 (Improper Input Validation) | CVE-2026-24204 | 2026-05-4 23:33 | 2026-04-29 |
| 164 | 8.6 | HIGH / Network | nvidia | nemoclaw | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that cause… | Update | CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) | CVE-2026-24222 | 2026-05-4 23:31 | 2026-04-29 |
| 165 | 6.3 | MEDIUM / Local | nvidia | nemoclaw | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere… | Update | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-24231 | 2026-05-4 23:30 | 2026-04-29 |
| 166 | 7.3 | HIGH / Network | - | - | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/p… | New | CWE-189 (Numeric Errors), CWE-190 (Integer Overflow or Wraparound) | CVE-2026-7598 | 2026-05-4 23:16 | 2026-05-2 |
| 167 | 7.3 | HIGH / Network | - | - | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The… | Update | CWE-259 (Use of Hard-coded Password), CWE-798 (Use of Hard-coded Credentials) | CVE-2026-7579 | 2026-05-4 23:16 | 2026-05-1 |
| 168 | 7.2 | HIGH / Network | - | - | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attack… | Update | CWE-89 (SQL Injection) | CVE-2026-7435 | 2026-05-4 23:16 | 2026-05-1 |
| 169 | - | | - | - | Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. | New | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2026-6499 | 2026-05-4 23:16 | 2026-05-4 |
| 170 | 9.6 | CRITICAL / Network | - | - | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. … | Update | CWE-22 (Path Traversal) | CVE-2026-5166 | 2026-05-4 23:16 | 2026-04-30 |