CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in picklescan before version 0.0.33 allows bypassing security checks by using the numpy.f2py.crackfortran.param_eval function in reduce methods. Attackers can embed undetected code in pickle files that executes during deserialization.
Picklescan before version 0.0.30 fails to detect malicious pickle files that invoke the torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution.
A vulnerability in picklescan before version 0.0.30 allows bypassing detection of malicious pickle files exploiting the lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.
The vulnerability in picklescan before version 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit a pull request from a permanent fork without the required approval.
A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb. An attacker can gain unauthorized read access to private repositories.
A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of information against unauthorized access.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network by controlling file names or paths. The issue stems from external control over file paths, potentially leading to privilege escalation.
An improper input validation vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. The issue stems from improper access control.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

