257750 matches found
CVE-2026-45804
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...
CVE-2026-58659
Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...
CVE-2026-60062 NGINX Agent Vulnerability
The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...
CVE-2026-60062
The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...
EUVD-2026-44678
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...
CVE-2026-53566
creationtimestamp| type| source ---|---|--- 2026-07-15 14:15:26+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqovu3ew4h2c 2026-07-15 16:15:13+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-702...
CVE-2026-56400
creationtimestamp| type| source ---|---|--- 2026-07-15 12:38:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqoqg5mume2p 2026-07-15 15:43:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqp2rmdoce2e...
CVE-2026-58555
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-58550
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-44644
PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...
CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox
PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...
ROOT-APP-MAVEN-CVE-2026-48043 CVE-2026-48043 in io.root.io.netty:netty-codec-http2 - Patched by Root
Root has patched CVE-2026-48043 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...
CVE-2026-58077
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...
CVE-2026-12281
creationtimestamp| type| source ---|---|--- 2026-07-15 08:23:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqoc76djrl22 2026-07-15 12:00:16+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqoockgock2y...
CVE-2026-57821
creationtimestamp| type| source ---|---|--- 2026-07-15 07:06:00+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqo5ue577x22 2026-07-15 12:59:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqormusgsl2h...
ROOT-APP-MAVEN-CVE-2024-29857 CVE-2024-29857 in io.root.org.bouncycastle:bcprov-jdk18on - Patched by Root
Root has patched CVE-2024-29857 in the io.root.org.bouncycastle:bcprov-jdk18on package for Root:Maven. Multiple fixed versions available...
CVE-2026-11580
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...
ROOT-OS-DEBIAN-11-CVE-2025-14524 CVE-2025-14524 in rootio-curl - Patched by Root
Root has patched CVE-2025-14524 in the rootio-curl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2023-46219 CVE-2023-46219 in rootio-curl - Patched by Root
Root has patched CVE-2023-46219 in the rootio-curl package for Root:Debian:11. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...