6 matches found
CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server (llama.cpp)...
CVE-2025-48922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS). This issue affects GLightbox: from 0.0.0 before 1.0.16...
Drupal GLightbox security vulnerability
Drupal GLightbox is a JavaScript image and video displayer for the Drupal community. A security vulnerability exists in Drupal GLightbox versions prior to 1.0.16 that stems from improper input neutralization and could lead to a cross-site scripting attack...
pysrp security vulnerability
pysrp is a Python implementation of the Secure Remote Cryptography Protocol (SRP) by the individual developer Tom Cocagne. A security vulnerability exists in pysrp versions prior to 1.0.16, which stems from the function calculatex in the file srp/ctsrp.py, which is manipulated to result in a messag...
UBUNTU-CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2017-5234
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...