CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10639 matches found

Flowise - NVIDIA NIM Endpoints Missing Authentication

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...

9.8CVSS5.8AI score0.3625EPSS

Exploits2References3

Cvelist•added 2 days ago•38 views

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS

Exploits1References2

CVE•added 2 days ago•14 views

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

9.6CVSS5.9AI score

Exploits1References2Affected Software1

RedHat Linux•added 3 days ago•6 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for NVIDIA for RHEL 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.9AI score0.00291EPSS

Exploits0References4

AstraLinux•added 6 days ago•1 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity reports a possible buffer overflow issue. However, given the ‘static’ scope of nvidiasetupi2cbus, it seems that this issue cannot occur after examining the...

7.8CVSS6.4AI score0.00263EPSS

Exploits0References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference to hiddevice for devm allocation of the inputdev name. Using hiddevice for devm allocation of the inputdev name helps prevent use-after-free issues. inputunregisterdevice will trigger the cleanup of...

7.8CVSS5.3AI score0.00133EPSS

Exploits0References2

NVD•added 2026/06/17 6:18 p.m.•9 views

CVE-2026-53805

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS0.00685EPSS

Exploits0References4

CVE•added 2026/06/17 4:44 p.m.•14 views

CVE-2026-53805

CVE-2026-53805 affects NVIDIA Spatial Intelligence Lab’s GEN3C. It describes an unauthenticated remote code execution vulnerability in the inference API server, exploitable via /request-inference and /seed-model endpoints that deserialize raw HTTP bodies with Python pickle.loads() without authent...

9.8CVSS6.3AI score0.00685EPSS

Exploits0References4

NVD•added 2026/06/16 5:16 p.m.•13 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS

Exploits0References3

NVD•added 2026/06/16 5:16 p.m.•9 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00161EPSS

Exploits0References3

CVE•added 2026/06/16 4:9 p.m.•14 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where deserialization of untrusted data may lead to code execution, privilege escalation, data tampering, and information disclosure. The connected NVIDIA security bulletin confirms affected product: NVIDIA NeMo Framework for Linux, with af...

7.8CVSS5.6AI score0.00161EPSS

Exploits0References3Affected Software1

EUVD•added 2026/06/16 4:9 p.m.•11 views

EUVD-2026-37130

7.8CVSS5.5AI score0.00161EPSS

Exploits0References3

Cvelist•added 2026/06/16 4:8 p.m.•24 views

CVE-2026-24155

7.8CVSS0.00193EPSS

Exploits0References3

CVE•added 2026/06/16 4:8 p.m.•11 views

CVE-2026-24155

CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...

7.8CVSS5.4AI score0.00193EPSS

Exploits0References3Affected Software1

EUVD•added 2026/06/16 4:8 p.m.•9 views

EUVD-2026-37129

7.8CVSS5.3AI score0.00193EPSS

Exploits0References3

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-49725

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description NVIDIA NeMo Framework contains a code injection flaw. A successful exploit could lead to arbitrary code execution, escalation of privileges, information disclosure, and data...

7.8CVSS5.5AI score0.00193EPSS

Exploits0References5

Positive Technologies•added 2026/06/16 12:0 a.m.•9 views

PT-2026-49726

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework for Linux affected versions not specified Description An issue exists where an attacker may cause deserialization of untrusted data. Deserialization is the process of converting a data stream back into an object. A...

7.8CVSS5.5AI score0.00161EPSS

Exploits0References5

Nvidia•added 2026/06/16 12:0 a.m.•7 views

Security Bulletin: NVIDIA NeMo - June 2026

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.7.3 or later from the NVIDIA-NeMo/NeMo GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this...

7.8CVSS5.8AI score0.00193EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/06/13 12:0 a.m.•12 views

PT-2026-49092

Summary The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure popen. secure popen is explicitly designed to interpret &&, |, and as shell operator...

7.8CVSS6.6AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 2026/06/12 7:50 p.m.•4 views

Critical: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for NVIDIA for RHEL 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

9.8CVSS4.8AI score0.00514EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by