417525 matches found
EUVD-2025-210415
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...
EUVD-2025-210414
picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in __reduce__ methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...
EUVD-2025-210412
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...
EUVD-2025-210413
picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in __reduce__ methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...
EUVD-2025-210411
picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the __reduce__ method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...
EUVD-2025-210410
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
EUVD-2026-41655
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...
EUVD-2026-41654
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...
EUVD-2026-41653
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-41610
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...
EUVD-2026-41609
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
EUVD-2026-41608
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...
EUVD-2026-41605
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...
EUVD-2026-41607
Permanent Fork PR Workflow Approval Gate Bypass...
EUVD-2026-41606
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...
EUVD-2026-41604
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service...
EUVD-2026-41603
Notification API leaks private issue metadata after access revocation...
EUVD-2026-41602
SSRF via HTTP Redirect in Repository Migration...
EUVD-2026-41601
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local...
EUVD-2026-41600
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the _raise_for_lambda_deserialization function fails to enforce the safe-mode guard when safe_mode is set to None, which is the default...
EUVD-2026-41599
Operation on a resource after expiration or release in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
EUVD-2026-41598
Microsoft Edge Chromium-based Spoofing Vulnerability...
EUVD-2026-41597
Insufficient UI warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41596
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41595
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...
EUVD-2026-41594
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41592
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...
EUVD-2026-41593
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...
EUVD-2026-41591
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-41590
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41589
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41588
Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41587
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41586
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41584
Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41585
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41583
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41580
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41581
Server-side request forgery (SSRF) in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41582
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41579
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
EUVD-2026-41578
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41577
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41576
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41575
Integer overflow or wraparound in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41574
User interface (UI) misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41573
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...
EUVD-2026-41572
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
EUVD-2026-41571
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...