CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-44277
Critical

An improper access control vulnerability exists in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0 through 6.6.8, and 6.5.0 through 6.5.6. This may allow an attacker to execute unauthorized code or commands via crafted requests.

CVE-2026-44196
Critical

In Pingvin Share X versions 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker with a valid username and password to completely skip the two-factor authentication (TOTP) requirement. This vulnerability is fixed in version 1.16.3.

CVE-2026-44183
Critical

CVE-2026-44183 affects the Cleanuparr tool, which automates the cleanup of unwanted files in Sonarr, Radarr, and supported download clients. In versions prior to 2.9.10, an attacker could exploit the X-Forwarded-For header to spoof the client IP address, allowing unauthorized access to the administrator account.

CVE-2026-42898
Critical

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42833
Critical

Nieprawidłowa kontrola generowania kodu ('iniekcja kodu') w Microsoft Dynamics 365 (wersja lokalna) umożliwia autoryzowanemu atakującemu wykonanie kodu w sieci.

CVE-2026-42823
Critical

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-42300
Critical

DevGuard prior to version 1.2.2 accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. This allows an unauthenticated attacker to issue requests as that user, potentially taking control of the organization's resources.

CVE-2026-42048
Critical

Langflow, a tool for building and deploying AI agents, is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases) prior to version 1.9.0. An attacker can exploit this flaw to delete arbitrary directories on the server.

CVE-2026-41103
Critical

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira and Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41096
Critical

A heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVE-2026-41089
Critical

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-40402
Critical

A use after free vulnerability in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40379
Critical

Azure Entra ID has an exposure of sensitive information that allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33117
Critical

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks.

CVE-2026-31242
Critical

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement.

CVE-2026-31239
Critical

The mamba language model framework up to version 2.2.6 is vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the weights_only=True parameter, allowing the deserialization of arbitrary Python objects.

CVE-2026-31238
Critical

The Ludwig framework up to version 0.10.4 is vulnerable to insecure deserialization in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files without enabling the security-restrictive weights_only=True parameter, allowing the deserialization of arbitrary Python objects.

CVE-2026-31237
Critical

The Ludwig framework up to version 0.10.4 is vulnerable to insecure deserialization through its predict() method. This allows a remote attacker to execute arbitrary code on the system if a maliciously crafted pickle file is provided.

CVE-2026-31236
Critical

The llm CLI tool through version 0.27.1 contains a critical code injection vulnerability via its --functions argument. This argument allows custom Python function definitions, but the tool directly executes the code using the unsafe exec() function without sanitization. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and tricking a victim into running it, leading to arbitrary code execution on the victim's system.

CVE-2026-31235
Critical

The imgaug library through version 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. This class uses Python's pickle module to deserialize data from a multiprocessing queue without any safety checks.

PreviousPage 80 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS