CVE-2026-1839 vulnerabilities

Vulnerabilities for packages: py3-transformers, vllm-openai-cuda-12.9, tritonserver-backend-vllm-cuda-13.0, nemo, lmcache-cuda-12.8...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3762 more potentially affected by CVE-2026-1839 via transformers (>=2.10.0 <=5.0.0rc2)

transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2026-1839 Source advisory:...

CVE-2026-1839

creationtimestamp| type| source ---|---|--- 2026-04-07 06:05:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv4dqxdnj2i...

MAL-2026-1839 Malicious code in react-state-optimizer-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 782cd7f3728f924a764bf54c8c73a27b8170cdf85f11902e6d8d806db39fa172 The package react-state-optimizer-core was found to contain malicious code...

artifex (>=0.7.0 <=0.11.0), axolotl (=0.14.0) +17 more potentially affected by CVE-2026-1839 via transformers (>=5.0.0 <=5.0.0rc2)

transformers PYPI version =5.0.0, =0.7.0, =0.0.10, =0.1.4, =4.9.0, =1.7.10, =0.14.6, =0.0.2, =5.2.0, =0.1.0, =0.30.0, =0.3.0, =0.3.6 and more Source cves: CVE-2026-1839 Source advisory: SNYK:PYTHON-TRANSFORMERS-15166618...

EUVD-2017-0361

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-1839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allo...

CVE-2024-1839

Intrado 911 Emergency Gateway is affected by CVE-2024-1839 due to an unauthenticated blind time-based SQL injection in the login form. The vulnerability allows remote attackers with network access and no authentication to potentially execute malicious code, exfiltrate data, or manipulate the data...

Huawei EulerOS: Security Advisory for llvm (EulerOS-SA-2024-1839)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 5 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Use after free via namespace node in XPointer ranges CVE-2016-4658 - libxml2: Missing validation...

Amazon Linux AMI : libtiff (ALAS-2023-1839)

The version of libtiff installed on the remote host is prior to 4.0.3-35.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1839 advisory. Multiple potential integer overflow in raw2tiff.c in libtiff = 4.5.1 can allow remote attackers to cause a denial of service...

CVE-2023-1839

creationtimestamp| type| source ---|---|--- 2023-05-15 16:43:27+00:00| seen| https://t.me/cibsecurity/64134...

CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

CVE-2023-1839

CVE-2023-1839 affects the WordPress plugin Product Addons & Fields for WooCommerce (PPOM) up to version 32.0.5. The issue is that the plugin does not sanitize and escape certain setting fields, enabling stored cross-site scripting by high-privilege users (e.g., admins), even when unfiltered_html ...

K26422113: libxml2 vulnerability CVE-2016-1839

Security Advisory Description The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

SUSE CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

SUSE CVE-2017-9050

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839...

CVE-2022-1839

creationtimestamp| type| source ---|---|--- 2022-05-24 12:50:34+00:00| seen| https://t.me/cibsecurity/43234...

CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...