CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-40402
Critical

A use after free vulnerability in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40379
Critical

Azure Entra ID has an exposure of sensitive information that allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33117
Critical

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks.

CVE-2026-31242
Critical

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement.

CVE-2026-31239
Critical

The mamba language model framework up to version 2.2.6 is vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the weights_only=True parameter, allowing the deserialization of arbitrary Python objects.

CVE-2026-31238
Critical

The Ludwig framework up to version 0.10.4 is vulnerable to insecure deserialization in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files without enabling the security-restrictive weights_only=True parameter, allowing the deserialization of arbitrary Python objects.

CVE-2026-31237
Critical

The Ludwig framework up to version 0.10.4 is vulnerable to insecure deserialization through its predict() method. This allows a remote attacker to execute arbitrary code on the system if a maliciously crafted pickle file is provided.

CVE-2026-31236
Critical

The llm CLI tool through version 0.27.1 contains a critical code injection vulnerability via its --functions argument. This argument allows custom Python function definitions, but the tool directly executes the code using the unsafe exec() function without sanitization. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and tricking a victim into running it, leading to arbitrary code execution on the victim's system.

CVE-2026-31235
Critical

The imgaug library through version 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. This class uses Python's pickle module to deserialize data from a multiprocessing queue without any safety checks.

CVE-2026-31234
Critical

Horovod up to version 0.28.1 contains an insecure deserialization vulnerability in its KVStore HTTP server component. The lack of authentication and authorization controls allows any remote attacker to send arbitrary data via HTTP PUT requests, leading to the potential execution of malicious code.

CVE-2026-31233
Critical

Guardrails AI up to version 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field, allowing for remote code execution.

CVE-2026-31231
Critical

Cognee up to version 0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint executes arbitrary Python code provided by the user using the unsafe exec() function without any sandboxing, validation, or security controls.

CVE-2026-31230
Critical

In the Adversarial Robustness Toolbox (ART) up to version 1.20.1, a command-line argument injection vulnerability was found in the Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values from the --clip_values and --input_shape arguments, allowing an attacker to remotely execute arbitrary Python code.

CVE-2026-31229
Critical

The Adversarial Robustness Toolbox (ART) up to version 1.20.1 contains an insecure deserialization vulnerability in the Kubeflow component's model loading functionality. The use of torch.load() without the weights_only=True parameter allows for the deserialization of arbitrary Python objects, potentially leading to remote code execution.

CVE-2026-29204
Critical

Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.

CVE-2026-26083
Critical

A missing authorization vulnerability in Fortinet FortiSandbox allows an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. The issue affects multiple versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS.

CVE-2026-43992
Critical

JunoClaw is an AI platform that prior to version 0.x.y-security-1 had a vulnerability where MCP tools accepted 'mnemonic: string' as a call parameter. This led to the BIP-39 seed being embedded in the LLM tool-call JSON, exposing it.

CVE-2026-20794
Critical

Buffer overflow in the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 may allow for privilege escalation. An adversary with system access and a low complexity attack may enable local code execution without user interaction.

CVE-2025-65719
Critical

Version 1.1.1 of the Open Source Kubectl MCP Server contains a vulnerability that allows attackers to execute arbitrary code on a victim's system via user interaction with a crafted HTML page.

CVE-2026-43515
Critical

Improper Authorization vulnerability occurs when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.

PreviousPage 79 of 559Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS