USN-7971-1 glib2.0 vulnerability

It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code...

Arbitrary Code Injection

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the automap process during model initialization, even when trustremotecode is false. An attacker can execute arbitrary...

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

CVE-2025-54817

A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...

WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin Beaver Builder versions = 2.9.4.1...

Exploit for CVE-2026-23947

Walkthrough: CVE-2026-23947 - Orval Arbitrary Code Execution...

CVE-2026-24016

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...

Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries

Overview The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-24016 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 CVSS score: 6.5, affects all versions of the module prior to version 2.3.0, whic...

USN-7970-1 iperf3 vulnerabilities

Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in...

GHSA-H526-WF6G-67JV Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

PT-2026-3879

Name of the Vulnerable Software and Affected Versions seroval versions prior to 1.4.0 Description seroval is a JavaScript library that facilitates value stringification, including complex structures beyond the capabilities of JSON.stringify. Improper input handling in the JSON deserialization...

ROS-20260121-73-0027

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Moodle cross-site scripting vulnerabilities

Moodle is an open-source e-learning software platform developed by Moodle. It is also known as a course management system, learning management system, or virtual learning environment. Version 3.10.3 of Moodle contains a cross-site scripting vulnerability. This vulnerability stems from a persisten...

Arduino and AVR Board Security Vulnerabilities

Arduino AVR Boards is an open-source software kernel of Arduino. Versions of Arduino AVR Boards prior to 1.8.7 contained security vulnerabilities. These vulnerabilities stemmed from stack buffer overflows during the conversion of high-precision floating-point numbers into strings, which could lea...

PT-2026-3865

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.1 through 0.13.x Description vLLM is an inference and serving engine for large language models LLMs. The software loads Hugging Face auto map dynamic modules during model resolution without verifying trust remote code. This...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Dungeon Crawl Stone Stoup vulnerability (USN-7969-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7969-1 advisory. David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An...

Arbitrary Code Injection

Overview binary-parser is a Blazing-fast binary parser builder Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which a...