Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
7.3
HIGH
CVE-2026-31250
— CosyVoice Insecure Deserialization Vulnerability
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads…
Remote
|
Injection
May 11, 2026
May 12, 2026
May 11, 2026
May 12, 2026
7.3
HIGH
CVE-2026-31249
— CosyVoice Insecure Deserialization Vulnerability
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script l…
Remote
|
Injection
May 11, 2026
May 12, 2026
May 11, 2026
May 12, 2026
7.5
HIGH
CVE-2026-31248
— Docling's METS GBS Backend XML Entity Expansion Denial of Service
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabli…
Remote
|
XML External Entity
May 11, 2026
May 13, 2026
May 11, 2026
May 13, 2026