Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

CVE-2026-37470

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

RockyLinux 9 : systemd (RLSA-2026:13677)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13677 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

ClipBucket 安全漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Version 5.5.2 of ClipBucket contains a security vulnerability. This vulnerability stems from the authentication interface, the login page endpoint, and the...

RockyLinux 9 : nginx (RLSA-2026:18029)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18029 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

Linux Distros Unpatched Vulnerability : CVE-2026-8973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha...

PT-2026-42800

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

nginx -- heap buffer overflow in ngx_http_rewrite_module

The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngxhttprewritemodule, potentially resulting in arbitrary code execution CVE-2026-9256...

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

Unity Linux 20.1060e / 20.1070e Security Update: logback (UTSA-2026-016687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016687 advisory. In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to...

RockyLinux 8 : openssl (RLSA-2026:3042)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3042 advisory. openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419 Tenable has extracted the preceding description block...

Debian dsa-6288 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6288 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6288-1 [email protected]...

USN-8294-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

Malicious code in @ornexus/neocortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh or install.ps1 which, by default, runs an installcoderabbit step that fetches...

CVE-2026-8974

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

[SECURITY] [DSA 6287-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6287-1 [email protected] https://www.debian.org/security/ Andres Salomon May 21, 2026 https://www.debian.org/security/faq -...

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

systemd security update

An update is available for systemd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux...

RLSA-2026:13651 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...