Lucene search

52 matches found

RedhatCVE
added 5 days ago, 6 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json...

CVSS 6.9, AI score 5.5, EPSS 0.0001
Exploits 0, References 1
Vulnrichment
added 2026/05/28 6:04 p.m., 7 views

CVE-2026-4944 Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust_remote_code=True parameter is hardcoded in two model implementation files, vllm/model_executor/models/nemotronvl.py and vllm/model_executor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

CVSS 8.8, AI score 7.9, EPSS 0.00097
Exploits 0, References 1
OSV
added 2026/05/11 9:31 p.m., 2 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json...

CVSS 6.9, AI score 5.8, EPSS 0.0001
Exploits 0, References 6
EUVD
added 2026/05/09 3:59 a.m., 7 views

EUVD-2026-28896

pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

CVSS 7.8, AI score 6, EPSS 0.00011
Exploits 0, References 2
Tenable Nessus
added 2026/04/21 12:00 a.m., 2 views

Fedora 45 : pyp2spec (2026-9ba2d85db0)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9ba2d85db0 advisory. Automatic update for pyp2spec-0.14.1-1.fc45. Changelog Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves: rhbz2460051 -...

AI score 5.8
Exploits 0, References 1
SUSE CVE
added 2026/03/04 12:27 a.m., 1 view

SUSE CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 6.5, AI score 5.8, EPSS 0.00044
Exploits 1, References 3
OSV
added 2026/02/23 6:23 p.m., 3 views

GO-2026-4500 Unauthenticated File Upload in Gogs in gogs.io/gogs

Unauthenticated File Upload in Gogs in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...

CVSS 9.8, AI score 5.5, EPSS 0.001
Exploits 1, References 5
RedhatCVE
added 2026/02/20 7:22 a.m., 3 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 6.5, AI score 5.7, EPSS 0.00044
Exploits 1, References 1
RedhatCVE
added 2026/02/20 7:22 a.m., 3 views

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (the default), any remote user can upload arbitrary files to the server via /releases/attachments and...

CVSS 9.8, AI score 5.8, EPSS 0.001
Exploits 1, References 1
NVD
added 2026/02/19 7:17 a.m., 4 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 6.5, EPSS 0.00044
Exploits 1, References 2
Cvelist
added 2026/02/19 2:33 a.m., 28 views

CVE-2026-25229 Gogs Authorization Bypass Allows Cross-Repository Label Modification

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 5.3, EPSS 0.00044
Exploits 1, References 2
Vulnrichment
added 2026/02/19 2:25 a.m., 4 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

CVSS 7.1, AI score 5.7, EPSS 0.00016
Exploits 1, References 4
CVE
added 2026/02/19 2:25 a.m., 10 views

CVE-2026-25232

The CVE-2026-25232 entry corresponds to a vulnerability in the Gogs web interface where protected branches can be deleted by a user with Write access due to a missing protection check in the backend DeleteBranchPost handler. While the UI layer correctly hides delete options for protected branches...

CVSS 8.8, AI score 5.6, EPSS 0.00016
Exploits 1, References 4, Affected Software 1
Snyk
added 2026/02/02 11:49 p.m., 1 view

Insertion of Sensitive Information into Log File

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the video_url parameter, which allows remote files to be fetched and processed. An attacker can...

CVSS 9.8, AI score 6, EPSS 0.00102
Exploits 0, References 2
Cvelist
added 2026/02/02 9:09 p.m., 27 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

CVSS 9.8, EPSS 0.00102
Exploits 0, References 4
Snyk
added 2026/01/27 10:49 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the MediaConnector class. An attacker can access internal network resources and cause system instability or...

CVSS 7.1, AI score 5.9, EPSS 0.00038
Exploits 1, References 2
CVE
added 2026/01/27 10:01 p.m., 12 views

CVE-2026-24779

CVE-2026-24779 is an SSRF vulnerability in vLLM's MediaConnector. Before version 0.14.1, load_from_url and load_from_url_async fetch media from user-supplied URLs and validate via Python urllib urlparse, while the request is issued with requests/urllib3, whose parsing follows a different standard...

CVSS 7.1, AI score 5.9, EPSS 0.00038
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/01/27 10:01 p.m., 20 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process...

CVSS 7.1, EPSS 0.00038
Exploits 1, References 3
CVE
added 2026/01/21 10:51 p.m., 12 views

CVE-2026-24048

CVE-2026-24048 affects Backstage FetchUrlReader in @backstage/backend-defaults prior to v0.12.2, v0.13.2, v0.14.1, and v0.15.0. The component would follow HTTP redirects, enabling an attacker who controls a host in backend.reading.allow to redirect requests to internal/sensitive URLs outside the ...

CVSS 3.7, AI score 5.7, EPSS 0.00038
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/12/09 12:00 a.m., 2 views

Matrix Rust SDK Security Vulnerability

Matrix Rust SDK is an open source Rust-based Matrix client-server development toolkit from The Matrix.org Foundation. A security vulnerability exists in Matrix Rust SDK 0.14.1 and earlier versions, which stems from a serialization error that could lead to a denial of service...

CVSS 7.5, AI score 6.3, EPSS 0.00056
Exploits 0, References 4