81 matches found
MINI-2256-QMV4-XPGC
Bulletin has no description...
CVE-2026-2256
A flaw was found in ModelScope, Red Hat AI Inference Server, and Red Hat OpenShift AI. This command injection vulnerability allows a remote attacker to execute arbitrary operating system commands. The exploitation occurs through crafted prompt-derived input, leading to arbitrary code execution on...
CVE-2026-2256
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-02 23:59:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg4hk5uxjl2d |
| 2026-03-03 03:47:10+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mg4ubhkdju2w |
| 2026-03-03 10:54:35+00:00 | seen | ... |
defense-agent (>=0.1.0 <=0.2.0) potentially affected by CVE-2026-2256 via ms-agent (=1.6.0)
ms-agent PYPI version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on ms-agent and may be impacted:
- defense-agent =0.1.0, =0.2.0
Source cves: CVE-2026-2256
Source advisory: OSV:GHSA-4GC2-344Q-R2RW...
CVE-2026-2256
Summary: CVE-2026-2256 affects ModelScope’s ms-agent up to version v1.6.0rc1. The root cause is improper input sanitization in the Shell tool, where a regex-based blacklist can be bypassed, enabling an attacker to run arbitrary OS commands via crafted prompt-derived input. This can lead to full s...
EUVD-2026-2256
In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in team_queue_override_port_prio_changed There has been a syzkaller bug reported recently with the following trace: list_del corruption, ffff888058bea080->prev is LIST_POISON2 (dead000000000122) -----------...
CVE-2019-2256
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
EUVD-2020-2256
Malware in sbrugna...
EUVD-2022-2280
Malicious code in bioql PyPI...
CVE-2025-2256
| creationtimestamp | type | source |
|---|---|---|
| 2025-09-12 17:40:54+00:00 | seen | Telegram/gRPzBaApdC9YlpBsXeYzJT7lCwWPufRbI3MCohoFX-bQio... |
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2024-2256
CVE-2024-2256 pertains to the WordPress oik plugin and is a stored XSS via shortcode attributes bw_contact_button and bw_button in versions up to and including 4.10.0. The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authentic...
Amazon Linux 2 : LibRaw (ALAS-2023-2256)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2256 advisory. Buffer Overflow vulnerability in LibRaw::stretch function in libraw\src\postprocessing\aspectratio.cpp. CVE-2020-22628 In...
CVE-2023-2256
The CVE-2023-2256 entry covers the WordPress plugin Product Addons & Fields for WooCommerce (PPOM) prior to version 32.0.7. The connected documents confirm a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitization/escaping of URL parameters in the admin panel, enabling ar...
CVE-2023-2256 Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting...
SUSE: Security Advisory (SUSE-SU-2023:2256-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2023:2256-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2256-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Oracle Linux 9 : webkit2gtk3 (ELSA-2023-2256)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2256 advisory. 2.38.5-1 - Update to 2.38.5 Related: 2127467 2.38.4-1 - Update to 2.38.4 Related: 2127467 2.38.3-1 - Update to 2.38.3 Related: 2127467 2.38.2-1 - Updat...
RHEL 9 : webkit2gtk3 (RHSA-2023:2256)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2256 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leadi...
WordPress PPOM for WooCommerce Plugin < 32.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: PPOM for WooCommerce
Type: Plugin
Vulnerable versions: 32.0.7
Fixed in: 32.0.7
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-2256
Patch priority: High
CVSS severity: High (7.1)
PSID: f58b7e5c3a3c
Credits: Alex Sanford...