251760 matches found

Tenable Nessus
added 2026/06/10 12:0 a.m., 4 views

Debian dsa-6335 : libcrypto3-udeb - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6335 advisory. Debian Security Advisory DSA-6335-1 [email protected]...

CVSS 9.1, AI score 5.8, EPSS 0.01409
Exploits 0, References 33

Tenable Nessus
added 2026/06/10 12:0 a.m., 6 views

TrueConf Windows Client < 8.5.3.884 Download of Code Without Integrity Check Vulnerability (CVE-2026-3502)

The version of TrueConf Windows Client installed on the remote host is prior to 8.5.3.884. It is, therefore, affected by a vulnerability: — A remote code execution vulnerability exists in the TrueConf Client update mechanism due to lack of cryptographic verification of update packages. An...

CVSS 7.8, AI score 7.2, EPSS 0.0575
Exploits 2, References 3

NVD
added 2026/06/09 11:16 p.m., 8 views

CVE-2026-44963

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user...

CVSS 9.4, EPSS 0.00887
Exploits 0, References 1

CVE
added 2026/06/09 11:5 p.m., 12 views

CVE-2026-46517

LMDeploy has a hardcoded trust_remote_code=True path in multiple code locations (e.g., get_model_arch and related calls) that is invoked for every model load. This creates an implicit unsafe remote-code load path when loading HuggingFace models from a repository, with no user opt-out or CLI flag ...

CVSS 7.8, AI score 5.4, EPSS 0.00148
Exploits 0, References 1

EUVD
added 2026/06/09 11:5 p.m., 7 views

EUVD-2026-35874

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

CVSS 7.8, AI score 5.4, EPSS 0.00148
Exploits 0, References 1

Cvelist
added 2026/06/09 11:5 p.m., 35 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

CVSS 7.8, EPSS 0.00148
Exploits 0, References 1

Vulnrichment
added 2026/06/09 11:5 p.m., 6 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

CVSS 7.8, AI score 5.4, EPSS 0.00148
Exploits 0, References 1

Vulnrichment
added 2026/06/09 10:27 p.m., 7 views

CVE-2026-44963

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user...

CVSS 9.4, AI score 8.7, EPSS 0.00887
Exploits 0, References 1

CVE
added 2026/06/09 10:27 p.m., 61 views

CVE-2026-44963

CVE-2026-44963 is a confirmed issue in Veeam Backup & Replication where an authenticated domain user could trigger remote code execution on the Backup Server. Public docs indicate the vulnerability affects 12.x builds (including 12.3.2.4465) and is not present in version 13.x due to architectural...

CVSS 9.4, AI score 8.8, EPSS 0.00887
Exploits 0, References 1

Cvelist
added 2026/06/09 10:27 p.m., 38 views

CVE-2026-44963

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user...

CVSS 9.4, EPSS 0.00887
Exploits 0, References 1

Github Security Blog
added 2026/06/09 10:0 p.m., 8 views

Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary: An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

AI score 6.4, EPSS 0.00161
Exploits 1, References 3, Affected Software 1

OSV
added 2026/06/09 10:0 p.m., 3 views

GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary: An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

CVSS 9.9, AI score 6.3, EPSS 0.00161
Exploits 1, References 3

EUVD
added 2026/06/09 9:58 p.m., 7 views

EUVD-2026-31112

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground...

CVSS 9.5, AI score 6.3, EPSS 0.00847
Exploits 0, References 5

Github Security Blog
added 2026/06/09 9:58 p.m., 14 views

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary: An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenix_storybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

CVSS 9.5, AI score 6.8, EPSS 0.00847
Exploits 0, References 6, Affected Software 1

OSV
added 2026/06/09 9:58 p.m., 3 views

GHSA-55HG-8QXV-QJ4P PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary: An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenix_storybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

CVSS 9.5, AI score 6.8, EPSS 0.00847
Exploits 0, References 6

GithubExploit
added 2026/06/09 9:55 p.m., 24 views

Exploit for CVE-2026-10520

CVE-2026-10520 and CVE-2026-10523 An Ivanti Sentry Authentica...

CVSS 10, AI score 6.7, EPSS 0.59524
Exploits 4

Debian
added 2026/06/09 9:45 p.m., 10 views

[SECURITY] [DSA 6335-1] openssl security update

Debian Security Advisory DSA-6335-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2026 https://www.debian.org/security/faq ...

CVSS 9.1, AI score 5.9, EPSS 0.01409
Exploits 0

GithubExploit
added 2026/06/09 9:39 p.m., 59 views

Exploit for Deserialization of Untrusted Data in Mirasvit Full_Page_Cache_Warmer

CVE-2026-45247 - Mirasvit Full Page Cache Warmer for...

CVSS 9.8, AI score 5.8, EPSS 0.01502
Exploits 1

OSSF Malicious Packages
added 2026/06/09 9:31 p.m., 7 views

Malicious code in react-pinojs (npm)

Source: amazon-inspector db767edd3581eec08793cb669f0ec59351e61f31501b6d4287b86baea512bb63 Package impersonates the popular pino logger homepage points to getpino.io, description mimics pino's tagline and executes a remote-code-execution...

AI score 5.7
Exploits 0, References 1

Talos Blog
added 2026/06/09 9:21 p.m., 6 views

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for June 2026, which includes 206 vulnerabilities affecting a range of products, including 32 that Microsoft marked as "critical". Out of 32 "critical" entries, 28 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and...

CVSS 9.8, AI score 8.3, EPSS 0.04297
Exploits 1