Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,512
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,661 - 1,680 of 40,198 CVEs
CVE-2025-71359 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deser...

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71356 HIGH - 8.1

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71353 HIGH - 8.1

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71347 HIGH - 8.1

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary code ...

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71345 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71343 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71342 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2026-54424 HIGH - 8.4

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version isย Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of p...

Vendor: Unity
Product: Parsec
Published: Jul 04, 2026
Source: NVD
CVE-2026-58523 MEDIUM - 6.5

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case s...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 03, 2026
Source: NVD
CVE-2026-58597 MEDIUM - 4.3

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58524 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58522 MEDIUM - 6.8

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58426 CRITICAL - 9.6

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58424 HIGH - 8.9

Permanent Fork PR Workflow Approval Gate Bypass

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58423 HIGH - 7.7

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58422 CRITICAL - 9.8

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58421 HIGH - 7.5

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58419 HIGH - 7.5

Notification API leaks private issue metadata after access revocation

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58418 MEDIUM - 6.5

SSRF via HTTP Redirect in Repository Migration

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD