CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/12 12:0 a.m.•4 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00282EPSS

Vulnrichment•added 2026/05/12 12:0 a.m.•3 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00164EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-39944

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing preg replace that does not properly handle HTML attribute boundaries when replacing...

6.4CVSS6AI score0.00036EPSS

Exploits0References6

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Mamba 安全漏洞

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...

9.8CVSS6.2AI score0.00054EPSS

CNNVD•added 2026/05/12 12:0 a.m.•3 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...

8.8CVSS6.1AI score0.00282EPSS

CNNVD•added 2026/05/12 12:0 a.m.•3 views

OptiMate 安全漏洞

OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which loads the statedict.pt file using torch.load, without enabling the weightsonly=Tru...

8.8CVSS6.2AI score0.00164EPSS

CNNVD•added 2026/05/12 12:0 a.m.•8 views

WordPress plugin BJ Lazy Load 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00036EPSS

NVD•added 2026/05/11 8:25 p.m.•5 views

CVE-2026-42050

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...

5.5CVSS0.00014EPSS

Vulnrichment•added 2026/05/11 7:46 p.m.•5 views

CVE-2026-42050 ImageMagick: Stack buffer overflow in XTileImage

EUVD•added 2026/05/11 7:46 p.m.•4 views

EUVD-2026-29204

Cvelist•added 2026/05/11 7:46 p.m.•29 views

CVE-2026-42050 ImageMagick: Stack buffer overflow in XTileImage

5.5CVSS0.00014EPSS

CVE•added 2026/05/11 7:46 p.m.•47 views

CVE-2026-42050

ImageMagick pre-7.1.2-21 and pre-6.9.13-46 is affected by a stack buffer overflow in XTileImage triggered when processing a malicious MIFF file in the display tool via the Load/Update tile action. Public sources consistently describe this as a stack buffer overflow vulnerability in XTileImage, po...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/11 7:46 p.m.•4 views

CVE-2026-42050