CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

LMDeploy - Server-Side Request Forgery

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

CVE-2026-28909 affects a container runtime where connecting to malicious registries using hostnames that match bypass patterns can expose registry credentials in plaintext. The issue is mitigated by upgrading to container version 0.12.3. The available sources confirm the vulnerability description...

EUVD-2026-26452

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

PT-2026-36209

Name of the Vulnerable Software and Affected Versions container versions prior to 0.12.3 Description Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. Recommendations Update to version 0.12.3...

container 安全漏洞

Container is an open-source tool developed by Apple for creating and running Linux containers on Mac devices. Versions of Container prior to 0.12.3 have a security vulnerability. This vulnerability arises when connecting to hosts with domain names that bypass pattern matching, causing registry...

VulnCheck KEV: CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

EUVD-2026-23970

LMDeploy has Server-Side Request Forgery SSRF via Vision-Language Image Loading...

CVE-2026-33626

LMDeploy SSRF in the vision-language module (prior to 0.12.3) allows an attacker to fetch arbitrary URLs via load_image() in lmdeploy/vl/utils.py without internal IP validation, potentially reaching cloud metadata services and internal networks. The issue also affects encode_image_base64() and ca...

CVE-2026-33626 LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

lmdeploy 安全漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of LMDeploy prior to 0.12.3 contained security vulnerabilities; these vulnerabilities stemmed from the vision-language module’s loadimage function, which did not validate URLs, potentially allowing...

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +82 more potentially affected by CVE-2026-34746 via payload (>=0.12.3 <=3.79.0)

payload NPM version =0.12.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =1.0.1-beta.0, =1.0.1, =0.1.2, =0.1.1, =1.0.0, =1.0.6, =1.0.0, =1.2.0 and more Source cves: CVE-2026-34746 Source advisory: OSV:GHSA-6R7F-Q7F5-WPX8...

Linux Distros Unpatched Vulnerability : CVE-2026-33307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the...

UBUNTU-CVE-2026-33307

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

EUVD-2026-14692

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...