CVE Database

22+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

22 results for "CWE-5"

CVE-2026-25193
8.1 HIGH

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites …

May 25, 2026
CVE-2026-31232
8.8 HIGH

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a …

May 12, 2026
CVE-2026-31224
8.8 HIGH

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files …

May 12, 2026
CVE-2026-31223
8.8 HIGH

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler …

May 12, 2026
CVE-2026-31222
8.8 HIGH

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files …

May 12, 2026
CVE-2026-31221
7.8 HIGH

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load …

May 12, 2026
CVE-2026-31219
8.8 HIGH

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides …

May 12, 2026
CVE-2026-31218
8.8 HIGH

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model …

May 12, 2026
CVE-2026-31253
7.3 HIGH

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and …

May 11, 2026
CVE-2026-31251
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis …

May 11, 2026
CVE-2026-31250
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for …

May 11, 2026
CVE-2026-31249
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, …

May 11, 2026
CVE-2026-7818
7.0 HIGH

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing …

May 11, 2026
CVE-2025-5296
7.3 HIGH

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to …

Aug 18, 2025
CVE-2025-2222
7.8 HIGH

CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle …

Apr 9, 2025
CVE-2024-12703
7.8 HIGH

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin …

Jan 17, 2025
CVE-2024-42407
8.5 HIGH

Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security …

Dec 12, 2024
CVE-2024-38429
7.5 HIGH

Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties

Jul 30, 2024
CVE-2024-2229
7.8 HIGH

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a …

Mar 18, 2024
CVE-2024-2052
7.5 HIGH

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker …

Mar 18, 2024
CVE-2023-27975
7.1 HIGH

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with …

Feb 14, 2024
CVE-2023-7032
7.8 HIGH

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by …

Jan 9, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.