Lucene search
K

4061 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-24246

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-24251

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00155EPSS
Exploits0References3
CVE
CVE
added 5 days ago10 views

CVE-2026-24251

NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...

7.8CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-24246

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago9 views

CVE-2026-24246

NVIDIA Megatron Bridge for Linux is affected by CVE-2026-24246, a vulnerability in the handling of dynamically managed code resources that could lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin indicates the fix is included in ...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-54721

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause improper control of dynamically managed code resources. This could lead to code execution, escalation of privileges, dat...

7.8CVSS6AI score0.00155EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.9 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References7
OSV
OSV
added 2026/06/10 5:11 p.m.11 views

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/10 3:38 p.m.13 views

Improper Control Of Dynamically-Managed Code Resources

contao/core-bundle is vulnerable to Improper Control of Dynamically-Managed Code Resources. The vulnerability is due to insufficient restrictions in template closures, which allows a back-end user with precise control over template contents to execute arbitrary PHP functions that do not require...

6.6CVSS5.9AI score0.00155EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/29 5:51 p.m.8 views

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the WebAssembly.promising and WebAssembly.Suspending JSPI APIs in...

10CVSS6AI score0.00507EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:40 p.m.10 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the localPromise constructor in lib/setup-sandbox.js. An attacker can obtain a host-realm...

10CVSS6AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:40 p.m.8 views

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the localPromise constructor in lib/setup-sandbox.js. An attacker can obta...

10CVSS6AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:33 p.m.9 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the lib/bridge.js apply trap and thisEnsureThis proto-walk. An attacker can obtain hos...

10CVSS6.1AI score0.004EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Pagekit 安全漏洞

Pagekit is a modular and lightweight CMS Content Management System developed by Pagekit. Versions of Pagekit 1.0.18 and earlier contained security vulnerabilities. These vulnerabilities were caused by an improper handling of directives in the dynamically evaluated code within the function evaluat...

5.8CVSS5.9AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 6:31 p.m.5 views

EUVD-2026-21004

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

7.5CVSS6.7AI score0.00387EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.7 views

FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS6.7AI score0.00387EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

7.5CVSS6.7AI score0.00387EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

MetaGPT 安全漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by operations on the ActionNode.xmlfill function in the XML Handler component, which could lead to improper instructions in...

9.8CVSS7.1AI score0.00387EPSS
Exploits1References6
Microsoft Secure
Microsoft Secure
added 2026/04/06 4:34 p.m.6 views

Inside an AI‑enabled device code phishing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/06 4:34 p.m.42 views

Inside an AI‑enabled device code phishing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational...

5.9AI score
Exploits0
Rows per page
Query Builder