CVE-2026-31237

The Ludwig framework (up to version 0.10.4) is reported to be vulnerable to insecure deserialization (CWE-502) in its predict() function. If a user supplies a dataset file path to predict(), Ludwig attempts to determine the file format and, when encountering a pickle (.pkl) file, loads it via pan...

May 12, 2026-KB5088862 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022

May 12, 2026-KB5088862 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: May 12, 2026 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. Security...

PT-2026-40187

Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Description Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...

Microsoft .NET 输入验证错误漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There is an input validation vulnerability in Microsoft .NET. Attackers can...

May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 build 28000 and later Release Date: May 12, 2026 Version: .NET Framework 3.5 The May 12, 2026 update installs the complete .NET Framework 3.5 product for Windows 11, version 26H1 build version 28000 and...

May 12, 2026-KB5087052 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2

May 12, 2026-KB5087052 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: May 12, 2026 Version: .NET Framework 3.5 and 4.8.1 The May 12, 2026 update for Microsoft server operating system, version 23H2 includes security and cumulati...

Syft 安全漏洞

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

TinyZero 安全漏洞

TinyZero is an inference model training tool developed by Jiayi Pan, based on reinforcement learning, and aimed at replicating the DeepSeek R1 Zero. TinyZero has a security vulnerability. This vulnerability stems from the copy function in the HDFS file manipulation tool, which insecurely construc...

EFW Framework 安全漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5088860)

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB5088860 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

Microsoft .NET 输入验证错误漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and transparency in networking. There is an input validation vulnerability in Microsoft .NET. Attackers c...

May 12, 2026-KB5088859 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2

May 12, 2026-KB5088859 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 Release Date: May 12, 2026 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2...

May 12, 2026-KB5088864 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

May 12, 2026-KB5088864 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: May 12, 2026 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

CVE-2026-42554

CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

PHP Remote File Inclusion

Overview yiisoft/yii2 is a Yii PHP Framework. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the View::renderPhpFile process. An attacker can access arbitrary files or potentially execute code by supplying a specially crafted file parameter in the $params array,...

Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

GHSA-5VPG-RJ7Q-QPW2 Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...