|
4551
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework auto…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31237
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4552
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function def…
|
CWE-94
Code Injection
|
CVE-2026-31236
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4553
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31235
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4554
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31234
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4555
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieve…
|
CWE-94
Code Injection
|
CVE-2026-31233
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4556
|
8.8 |
HIGH
Network
|
-
|
-
|
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31232
|
2026-05-15 05:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4557
|
- |
|
-
|
-
|
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other…
|
CWE-754
CWE-863
Improper Check for Unusual or Exceptional Conditions
Incorrect Authorization
|
CVE-2026-42349
|
2026-05-15 04:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4558
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41284
|
2026-05-15 03:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4559
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
|
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
|
CWE-416
Use After Free
|
CVE-2026-8390
|
2026-05-15 03:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4560
|
7.5 |
HIGH
Network
|
pgbouncer
|
pgbouncer
|
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-6664
|
2026-05-15 03:52 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
