1087023 matches found
CVE-2026-44963
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46517
LMDeploy has a hardcoded trust_remote_code=True path in multiple code locations (e.g., get_model_arch and related calls) that is invoked for every model load. This creates an implicit unsafe remote-code load path when loading HuggingFace models from a repository, with no user opt-out or CLI flag ...
EUVD-2026-35874
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
EUVD-2026-35873
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46432
CVE-2026-46432 (LMDeploy) affects lmdeploy
CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-44963
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2026-44963
CVE-2026-44963 is a confirmed issue in Veeam Backup & Replication where an authenticated domain user could trigger remote code execution on the Backup Server. Public docs indicate the vulnerability affects 12.x builds (including 12.3.2.4465) and is not present in version 13.x due to architectural...
CVE-2026-44963
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
GHSA-7QJX-GP9H-65QJ
creationtimestamp| type| source ---|---|--- 2026-06-09 22:11:08+00:00| seen| https://gist.github.com/alon710/663cf40e16b6dd064b1d29749e82124d...
Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...
GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...
GHSA-55HG-8QXV-QJ4P PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...
EUVD-2026-31112
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenixstorybook playground...
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...
Exploit for CVE-2026-10520
CVE-2026-10520 and CVE-2026-10523 An Ivanti Sentry Authentica...
[SECURITY] [DSA 6335-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6335-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2026 https://www.debian.org/security/faq -...