Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
7,953 matching · page 8/160Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-71353(opens NVD record) | High | 8.1 | picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded. | Jul 4, 2026 |
| CVE-2025-71347(opens NVD record) | High | 8.1 | picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary code execution in applications loading untrusted pickle data. | Jul 4, 2026 |
| CVE-2025-71345(opens NVD record) | High | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution. | Jul 4, 2026 |
| CVE-2025-71343(opens NVD record) | High | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called. | Jul 4, 2026 |
| CVE-2025-71342(opens NVD record) | High | 8.1 | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks. | Jul 4, 2026 |
| CVE-2026-54424(opens NVD record) | High | 8.4 | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | Jul 4, 2026 |
| CVE-2026-58523(opens NVD record) | Medium | 6.5 | Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. | Jul 3, 2026 |
| CVE-2026-14617(opens NVD record) | Low | 3.1 | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: "[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path." | Jul 3, 2026 |
| CVE-2026-58597(opens NVD record) | Medium | 4.3 | Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58524(opens NVD record) | Medium | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58522(opens NVD record) | Medium | 6.8 | Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Jul 3, 2026 |
| CVE-2026-58426(opens NVD record) | Critical | 9.6 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | Jul 3, 2026 |
| CVE-2026-58424(opens NVD record) | High | 8.9 | Permanent Fork PR Workflow Approval Gate Bypass | Jul 3, 2026 |
| CVE-2026-58423(opens NVD record) | High | 7.7 | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | Jul 3, 2026 |
| CVE-2026-58422(opens NVD record) | Critical | 9.8 | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | Jul 3, 2026 |
| CVE-2026-58421(opens NVD record) | High | 7.5 | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | Jul 3, 2026 |
| CVE-2026-58419(opens NVD record) | High | 7.5 | Notification API leaks private issue metadata after access revocation | Jul 3, 2026 |
| CVE-2026-58418(opens NVD record) | Medium | 6.5 | SSRF via HTTP Redirect in Repository Migration | Jul 3, 2026 |
| CVE-2026-58300(opens NVD record) | Medium | 6.2 | Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Jul 3, 2026 |
| CVE-2026-58299(opens NVD record) | High | 7.5 | Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58298(opens NVD record) | High | 7.2 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58297(opens NVD record) | High | 7.1 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | Jul 3, 2026 |
| CVE-2026-58296(opens NVD record) | High | 7.1 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | Jul 3, 2026 |
| CVE-2026-58295(opens NVD record) | High | 8.3 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | Jul 3, 2026 |
| CVE-2026-58294(opens NVD record) | High | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58293(opens NVD record) | High | 8.1 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58292(opens NVD record) | High | 7.5 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58291(opens NVD record) | Medium | 6.1 | Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | Jul 3, 2026 |
| CVE-2026-58290(opens NVD record) | High | 7.5 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58289(opens NVD record) | Critical | 9.0 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58288(opens NVD record) | High | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58287(opens NVD record) | High | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58286(opens NVD record) | High | 8.1 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58285(opens NVD record) | High | 8.3 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58284(opens NVD record) | High | 8.3 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-58283(opens NVD record) | High | 8.1 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58282(opens NVD record) | High | 8.1 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58278(opens NVD record) | Medium | 5.4 | Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-58276(opens NVD record) | High | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57993(opens NVD record) | High | 7.4 | Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-57992(opens NVD record) | High | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57991(opens NVD record) | High | 7.4 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | Jul 3, 2026 |
| CVE-2026-57988(opens NVD record) | High | 7.1 | Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57987(opens NVD record) | Medium | 6.5 | Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |
| CVE-2026-57986(opens NVD record) | High | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57985(opens NVD record) | High | 7.6 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57984(opens NVD record) | High | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57983(opens NVD record) | High | 8.7 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | Jul 3, 2026 |
| CVE-2026-57981(opens NVD record) | High | 8.8 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 3, 2026 |
| CVE-2026-57977(opens NVD record) | High | 7.1 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 3, 2026 |