CVE Database

51+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

51 results for "CWE-5"

CVE-2026-14904
6.5 MEDIUM

AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources …

Jul 7, 2026
CVE-2026-51947
9.8 CRITICAL

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code …

Jul 1, 2026
CVE-2026-49088
4.4 MEDIUM

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, …

Jul 1, 2026
CVE-2026-9650

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system …

Jun 25, 2026
CVE-2026-25193
8.1 HIGH

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites …

May 25, 2026
CVE-2026-44501
4.3 MEDIUM

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the OIDC …

May 14, 2026
CVE-2026-31239
9.8 CRITICAL

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() …

May 12, 2026
CVE-2026-31238
9.8 CRITICAL

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve …

May 12, 2026
CVE-2026-31237
9.8 CRITICAL

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the …

May 12, 2026
CVE-2026-31234
9.8 CRITICAL

Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication …

May 12, 2026
CVE-2026-31232
8.8 HIGH

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a …

May 12, 2026
CVE-2026-31229
9.8 CRITICAL

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from …

May 12, 2026
CVE-2026-31224
8.8 HIGH

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files …

May 12, 2026
CVE-2026-31223
8.8 HIGH

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler …

May 12, 2026
CVE-2026-31222
8.8 HIGH

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files …

May 12, 2026
CVE-2026-31221
7.8 HIGH

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load …

May 12, 2026
CVE-2026-31219
8.8 HIGH

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides …

May 12, 2026
CVE-2026-31218
8.8 HIGH

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model …

May 12, 2026
CVE-2026-31214
9.8 CRITICAL

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint …

May 12, 2026
CVE-2026-31253
7.3 HIGH

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and …

May 11, 2026
CVE-2026-31252
5.7 MEDIUM

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files …

May 11, 2026
CVE-2026-31251
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis …

May 11, 2026
CVE-2026-31250
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for …

May 11, 2026
CVE-2026-31249
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, …

May 11, 2026
CVE-2026-7818
7.0 HIGH

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing …

May 11, 2026
CVE-2024-47570
6.6 MEDIUM

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, …

Dec 9, 2025
CVE-2025-31514
2.7 LOW

An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 …

Oct 14, 2025
CVE-2025-10221
5.5 MEDIUM

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on …

Sep 10, 2025
CVE-2025-54923

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to …

Aug 20, 2025
CVE-2025-5296
7.3 HIGH

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to …

Aug 18, 2025
CVE-2025-32817
6.1 MEDIUM

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading …

Apr 16, 2025
CVE-2025-2222
7.8 HIGH

CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle …

Apr 9, 2025
CVE-2024-40585
6.5 MEDIUM

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and …

Mar 14, 2025
CVE-2025-2002
6.0 MEDIUM

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, …

Mar 12, 2025
CVE-2024-37362
6.3 MEDIUM

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho …

Feb 20, 2025
CVE-2024-37361
9.9 CRITICAL

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 …

Feb 20, 2025
CVE-2024-56180
9.8 CRITICAL

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers …

Feb 14, 2025
CVE-2024-12012
5.7 MEDIUM

A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 …

Feb 13, 2025
CVE-2024-12703
7.8 HIGH

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin …

Jan 17, 2025
CVE-2024-42407
8.5 HIGH

Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security …

Dec 12, 2024
CVE-2024-9005

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to …

Oct 8, 2024
CVE-2024-41699
4.4 MEDIUM

Priority – CWE-552: Files or Directories Accessible to External Parties

Aug 20, 2024
CVE-2024-38429
7.5 HIGH

Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties

Jul 30, 2024
CVE-2024-5557
4.5 MEDIUM

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller …

Jun 12, 2024
CVE-2024-5056
6.5 MEDIUM

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the …

Jun 12, 2024
CVE-2024-2229
7.8 HIGH

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a …

Mar 18, 2024
CVE-2024-2052
7.5 HIGH

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker …

Mar 18, 2024
CVE-2023-45594
6.8 MEDIUM

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the …

Mar 5, 2024
CVE-2024-21815
9.1 CRITICAL

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher …

Mar 5, 2024
CVE-2023-27975
7.1 HIGH

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with …

Feb 14, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.