99 matches found

Cvelist
added 2026/05/22 7:28 p.m., 5 views

CVE-2026-5843 Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file pointing to a Python...

CVSS 8.8, EPSS 0.0002
Exploits: 0, References: 1

Vulnrichment
added 2026/05/22 7:28 p.m., 7 views

CVE-2026-5843 Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file pointing to a Python...

CVSS 8.8, AI score 6.4, EPSS 0.0002
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/22 12:0 a.m., 5 views

Docker Desktop < 4.71.0 Container Escape (CVE-2026-5843)

The version of Docker Desktop installed on the remote host is prior to 4.71.0. It is, therefore, affected by a container escape vulnerability: - A container-to-host code execution vulnerability exists in the Docker Model Runner MLX inference backend. An attacker with access to a container could...

CVSS 8.8, AI score 6.5, EPSS 0.0002
Exploits: 0, References: 3

Circl
added 2026/05/20 2:10 p.m., 4 views

CVE-2026-5843

creationtimestamp | type | source
---|---|---
2026-05-20 14:10:26+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3hreejc2q
2026-05-22 23:02:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmi24enaid2c
2026-06-02 00:07:08+00:00 | seen | ...

CVSS 8.8, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 3

OSV
added 2026/03/02 9:16 a.m., 0 views

CVE-2026-20437

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...

CVSS 4.4, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2026/03/02 8:39 a.m., 27 views

CVE-2026-20437

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...

EPSS 0.00006
Exploits: 0, References: 1

EUVD
added 2026/03/02 8:39 a.m., 5 views

EUVD-2026-9162

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...

CVSS 4.4, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 1

RedhatCVE
added 2025/07/18 7:3 a.m., 3 views

CVE-2025-5843

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, AI score 5.5, EPSS 0.00203
Exploits: 0, References: 1

Cvelist
added 2025/07/16 6:40 a.m., 6 views

CVE-2025-5843 Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, EPSS 0.00203
Exploits: 0, References: 4

Patchstack
added 2025/07/16 4:9 a.m., 3 views

WordPress Brandfolder plugin <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Brandfolder versions <= 5.0.19...

CVSS 6.4, AI score 5.5, EPSS 0.00203
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/22 5:41 p.m., 7 views

CVE-2020-5843

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen...

CVSS 4.8, AI score 6, EPSS 0.00346
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 5:20 a.m., 3 views

CVE-2019-5843

Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 6.5, EPSS 0.0041
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/06 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-5843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file...

CVSS 8.8, AI score 7.3, EPSS 0.00077
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-5843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10....

CVSS 7.5, AI score 6.5, EPSS 0.03949
Exploits: 0, References: 3

Packet Storm
added 2024/10/16 12:0 a.m., 331 views

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2024/07/22 12:0 a.m., 22 views

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0205-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0205-1 advisory. - Update to 112.0.5197.25 CHR-9787 Update Chromium on desktop-stable-126-5197 to 126.0.6478.127 - The update to chromium 126.0.6478.127 fixes...

CVSS 8.8, AI score 7.6, EPSS 0.09762
Exploits: 5, References: 45

OpenVAS
added 2024/06/21 12:0 a.m., 42 views

Mageia: Security Advisory (MGASA-2024-0230)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.1, EPSS 0.09762
Exploits: 1, References: 5

Tenable Nessus
added 2024/06/14 12:0 a.m., 28 views

Fedora 40 : chromium (2024-5acee8c47f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5acee8c47f advisory. update to 126.0.6478.55 High CVE-2024-5830: Type Confusion in V8 High CVE-2024-5831: Use after free in Dawn High CVE-2024-5832: Use after free in Da...

CVSS 8.8, AI score 8, EPSS 0.09762
Exploits: 1, References: 19

Tenable Nessus
added 2024/06/14 12:0 a.m., 29 views

Fedora 39 : chromium (2024-86e4115138)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-86e4115138 advisory. update to 126.0.6478.55 High CVE-2024-5830: Type Confusion in V8 High CVE-2024-5831: Use after free in Dawn High CVE-2024-5832: Use after free in Da...

CVSS 8.8, AI score 8, EPSS 0.09762
Exploits: 1, References: 19

Microsoft CVE
added 2024/06/13 7:0 a.m., 23 views

Chromium: CVE-2024-5843 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 7.2, EPSS 0.00077
Exploits: 0