|
2021
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31216
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2022
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user …
|
CWE-94
Code Injection
|
CVE-2026-31217
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2023
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev…
|
CWE-94
Code Injection
|
CVE-2026-31228
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2024
|
8.8 |
HIGH
Network
|
-
|
-
|
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function t…
|
CWE-94
Code Injection
|
CVE-2026-31225
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2025
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C…
|
CWE-416
Use After Free
|
CVE-2026-45185
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2026
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31214
|
2026-05-14 00:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2027
|
8.0 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-27753
|
2026-05-14 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2028
|
5.4 |
MEDIUM
Network
|
-
|
-
|
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-30059
|
2026-05-14 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2029
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system…
|
CWE-78
OS Command
|
CVE-2026-31246
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2030
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-31247
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
