CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/11 12:0 a.m.•5 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

6.1AI score0.00017EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•5 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

6.1AI score0.00047EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017539 advisory. In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. Tenable has...

7CVSS6.1AI score0.00351EPSS

CVE•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31253

The CVE-2026-31253 entry concerns the flash-attention training framework. A deserialization flaw exists in the checkpoint loading path (checkpoint.py load_checkpoint and eval.py) where torch.load() is used without weights_only=True, enabling pickle-based object deserialization. This can allow an ...

7.3CVSS6.1AI score0.00047EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39693

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

8.4CVSS6.4AI score0.00014EPSS

CNNVD•added 2026/05/11 12:0 a.m.•5 views

WordPress plugin Custom css-js-php 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.3CVSS6.2AI score0.00966EPSS

Exploits1References1

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

RHEL 8 : libtiff (RHSA-2026:16055)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16055 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...

7.8CVSS6.3AI score0.00033EPSS

Cvelist•added 2026/05/11 12:0 a.m.•27 views

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

0.0009EPSS

Exploits0References1

CNNVD•added 2026/05/11 12:0 a.m.•4 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice. This vulnerability stemmed from the model loading component using torch.load to load model weight files without enabling th...

5.7CVSS6.2AI score0.00017EPSS

AlmaLinux•added 2026/05/11 12:0 a.m.•5 views

Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

7.8CVSS6.2AI score0.00033EPSS

OSV•added 2026/05/11 12:0 a.m.•2 views

ALSA-2026:16055 Important: libtiff security update

7.8CVSS6.2AI score0.00033EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•4 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

6.1AI score0.00047EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•10 views

PT-2026-39634

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its make parquet list.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load withou...

6.1AI score0.00047EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39637

6.1AI score0.00017EPSS

Cvelist•added 2026/05/11 12:0 a.m.•26 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

0.00047EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

6.2AI score0.0009EPSS

Exploits0References1

Tenable Nessus•added 2026/05/11 12:0 a.m.•6 views

MiracleLinux 8 : mingw-libtiff-4.0.9-4.el8_10 (AXSA:2026-594:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-594:01 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

7.8CVSS6.3AI score0.00033EPSS