CVE Vulnerabilities - 12 May 2026

ChurchCRM's setup wizard password is not properly secured, allowing attackers to potentially run malicious code. This risk affects older versions of ChurchCRM and has been fixed in version 7.3.2. Upda...

When running Dalfox in server mode, an attacker can send a malicious request to execute arbitrary commands on the host system without authentication. This is a critical issue because it allows an atta...

A user with a valid login to Nginx UI can potentially access internal services and data by exploiting a weakness in the way the system handles requests. This could allow unauthorized access to sensiti...

An authorized user with Microsoft Dynamics 365 on-premises access can execute unauthorized code over a network, potentially allowing an attacker to gain more access than they should have. This is a co...

Azure Logic Apps has a security issue that allows authorized users to gain more access than they should over a network. This means that an attacker who is already authorized could potentially do more ...

An attacker with authorized access to Microsoft Dynamics 365 Customer Insights can potentially gain higher-level access to the system, allowing them to view or modify sensitive data. This is a concern...

A bug in the Arduino ESP32's web server can cause it to crash if it receives a large amount of data from a website. This could potentially allow an attacker to take control of the device. Update to th...

Exim, a popular email server software, has a security flaw that allows an attacker to execute malicious code without needing a password. This can happen if an attacker sends a specific type of email t...

A Debian Linux security issue allows an attacker with normal user privileges to gain full system control. This could happen if a malicious user exploits a weakness in the Debian package management sys...

The Mamba language model framework allows attackers to execute arbitrary code on a victim's system when loading pre-trained models from HuggingFace Hub. This is a security risk because it can be used ...

The Ludwig framework's model server is at risk if an attacker provides a malicious model file. This could allow the attacker to run any code they want on the system hosting the model server. To fix th...

The imgaug library has a security flaw that allows an attacker to run malicious code on your system if they can influence the data used by the library. This is particularly concerning if you're using ...

The Ludwig framework's predict() method can load and execute malicious code from a pickle file, allowing an attacker to run arbitrary code on the system. This can happen if a user provides a malicious...

The LLM CLI tool is affected if you use the --functions option to run custom Python code. This is a serious security risk because an attacker could trick you into running malicious code, giving them c...

Guardrails AI has a security flaw in its package installation process. An attacker can publish malicious packages, which can then be installed by a victim and execute arbitrary code on their system. T...

Horovod's distributed task coordination system has a security flaw that lets attackers run code on your computers. This happens because the system doesn't check who is sending data, and it can execute...

Apache Tomcat versions from 9 to 11 have a security flaw that could let attackers access data they shouldn't. This matters because it could expose sensitive information. To fix it, update to the lates...

PySyft versions 0.9.5 and earlier allow attackers to run malicious code on the server, potentially taking control of the server environment. This is a serious risk because it could allow an attacker t...

Apache Tomcat versions 7 through 11 have a security issue that allows unauthorized access. This could happen if an attacker finds a way to bypass the authentication process, which is used to verify us...

If you use WGDashboard with WireGuard VPN, update to version 4.3.2 or later to prevent unauthorized access to your host file system. This is a serious security issue that can be exploited by malicious...

Fortinet's FortiAuthenticator software has a security issue that could allow an attacker to run unauthorized code or commands on the system. This could potentially allow the attacker to access or modi...

A security flaw in Microsoft Windows DNS could allow an attacker to run malicious code on a targeted system over the network. This could happen if an attacker sends a specially crafted request to the ...

An attacker can remotely execute malicious code on a Windows system by exploiting a weakness in the Netlogon service. This could allow the attacker to take control of the system and potentially spread...

The LLM CLI tool has a critical security issue that allows attackers to run malicious code on a victim's system. This happens when a user is tricked into running a specially crafted command with custo...

An attacker can execute malicious code on the Cognee server by sending a specially crafted request. This could lead to the complete compromise of the system. Update Cognee to a version after v0.4.0 to...