Search

2,754 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL10.0CVE-2026-46412Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm5/19/2026
CRITICAL9.8CVE-2026-45772EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection5/19/2026
CRITICAL10.0CVE-2026-463399router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes5/19/2026
CRITICAL9.8CVE-2026-31072EPSS 0.18%APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization5/19/2026
CRITICAL9.6CVE-2026-45758Malicious code in guardrails-ai 0.10.1 (supply chain compromise)5/19/2026
CRITICAL9.6CVE-2026-2587GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.8CVE-2026-7304EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor5/18/2026
CRITICAL9.1CVE-2026-7302EPSS 0.10%SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability5/18/2026
CRITICAL9.8CVE-2026-7301EPSS 0.06%SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket5/18/2026
CRITICAL9.8CVE-2026-45411EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator5/14/2026
CRITICAL10.0CVE-2026-45369EPSS 0.01%utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol5/14/2026
CRITICAL9.6CVE-2026-45311EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval5/14/2026
CRITICAL9.3CVE-2026-44990Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`5/14/2026
CRITICAL9.8CVE-2026-45083EPSS 0.05%Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy5/13/2026
CRITICAL9.1CVE-2026-44650EPSS 0.10%SillyTavern has a Path Traversal issue5/12/2026
CRITICAL9.8CVE-2026-44649EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection5/12/2026
CRITICAL9.1CVE-2026-33117EPSS 0.03%Security feature bypass vulnerability in Azure Key Vault Keys library for Java5/12/2026
CRITICAL9.8CVE-2026-31239EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub5/12/2026
CRITICAL9.8CVE-2026-31238EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component5/12/2026
CRITICAL9.8CVE-2026-31237EPSS 0.51%Ludwig framework is vulnerable to insecure deserialization through its predict() method.5/12/2026
CRITICAL9.8CVE-2026-31236EPSS 0.10%llm CLI tool contains a code injection vulnerability via `--functions` command-line argument5/12/2026
CRITICAL9.8CVE-2026-31235EPSS 0.09%imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module5/12/2026
CRITICAL9.8CVE-2026-31234EPSS 0.73%Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component5/12/2026
CRITICAL9.8CVE-2026-31233EPSS 0.38%Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism5/12/2026
CRITICAL9.1CVE-2026-43515EPSS 0.10%Apache Tomcat - Security constraints not correctly applied5/12/2026

← PrevPage 2 of 111Next →