|
1311
|
7.5 |
HIGH
Network
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::_error() writes the full exception message, exception code, and stack trace (including absolute fil…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-42552
|
2026-05-16 04:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user,…
|
CWE-94
Code Injection
|
CVE-2026-31231
|
2026-05-16 04:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
8.8 |
HIGH
Network
|
snorkel
|
snorkel
|
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler mo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31223
|
2026-05-16 04:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
8.8 |
HIGH
Network
|
snorkel
|
snorkel
|
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.lo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31222
|
2026-05-16 04:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
8.8 |
HIGH
Network
|
lightningai
|
pytorch_lightning
|
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31221
|
2026-05-16 04:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged…
|
CWE-94
Code Injection
|
CVE-2026-31220
|
2026-05-16 04:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
7.5 |
HIGH
Network
|
signalk
|
signal_k_server
|
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST /login and POST /signalk/v1/auth/login) are protected by express-…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-41893
|
2026-05-16 04:14 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
5.3 |
MEDIUM
Network
|
apache
|
commons_configuration
|
Uncontrolled Recursion vulnerability in Apache Commons.
When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.
This issue …
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-45205
|
2026-05-16 03:40 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
7.4 |
HIGH
Network
|
microsoft
|
authenticator
|
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
|
CWE-200
Information Exposure
|
CVE-2026-41615
|
2026-05-16 03:39 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
8.8 |
HIGH
Network
|
microsoft
|
windows_admin_center
|
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
|
CWE-284
Improper Access Control
|
CVE-2026-41086
|
2026-05-16 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
