CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The llm CLI tool through version 0.27.1 contains a critical code injection vulnerability via its --functions argument. This argument allows custom Python function definitions, but the tool directly executes the code using the unsafe exec() function without sanitization. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and tricking a victim into running it, leading to arbitrary code execution on the victim's system.
The imgaug library through version 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. This class uses Python's pickle module to deserialize data from a multiprocessing queue without any safety checks.
Horovod up to version 0.28.1 contains an insecure deserialization vulnerability in its KVStore HTTP server component. The lack of authentication and authorization controls allows any remote attacker to send arbitrary data via HTTP PUT requests, leading to the potential execution of malicious code.
Guardrails AI up to version 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field, allowing for remote code execution.
Cognee up to version 0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint executes arbitrary Python code provided by the user using the unsafe exec() function without any sandboxing, validation, or security controls.
In the Adversarial Robustness Toolbox (ART) up to version 1.20.1, a command-line argument injection vulnerability was found in the Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values from the --clip_values and --input_shape arguments, allowing an attacker to remotely execute arbitrary Python code.
The Adversarial Robustness Toolbox (ART) up to version 1.20.1 contains an insecure deserialization vulnerability in the Kubeflow component's model loading functionality. The use of torch.load() without the weights_only=True parameter allows for the deserialization of arbitrary Python objects, potentially leading to remote code execution.
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.
A missing authorization vulnerability in Fortinet FortiSandbox allows an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. The issue affects multiple versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS.
JunoClaw is an AI platform that prior to version 0.x.y-security-1 had a vulnerability where MCP tools accepted 'mnemonic: string' as a call parameter. This led to the BIP-39 seed being embedded in the LLM tool-call JSON, exposing it.
Buffer overflow in the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 may allow for privilege escalation. An adversary with system access and a low complexity attack may enable local code execution without user interaction.
Version 1.1.1 of the Open Source Kubectl MCP Server contains a vulnerability that allows attackers to execute arbitrary code on a victim's system via user interaction with a crafted HTML page.
Improper Authorization vulnerability occurs when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
A vulnerability in the digest authentication mechanism in Apache Tomcat allows for authentication bypass. This affects versions from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, 8.5.0 to 8.5.100, and versions before 7.0.0.
The vulnerability related to improper input validation in Apache Tomcat may lead to unauthorized access or data manipulation. It affects versions from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from 9.0.0.M1 to 9.0.117, and from 10.0.0-M1 to 10.0.27.
CVE-2026-34187 is a vulnerability related to improper neutralization of special elements used in SQL commands, allowing SQL Injection via graph container parameter. This issue affects Pandora FMS versions from 777 to 800.
Adversarial Robustness Toolbox (ART) through version 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for LossFn and Optimizer parameters without any sanitization, allowing an attacker to inject arbitrary Python code.
The TinyZero project contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping.
PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. Low-privileged users can submit Python functions for remote execution on the server, creating a risk of executing dangerous code.
The _load_model() function in the neural_magic_training.py script of the optimate project allows arbitrary code execution. A user can supply a directory path via the --model command-line argument, which allows reading and executing the module.py file from that directory without validating its content.

