486911 matches found

OSV
added 2026/06/16 5:35 p.m., 3 views

GHSA-V5FF-9Q35-Q26F Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary: The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe. Details: Shareable Playground feature works by enabling the...

CVSS 9.6, AI score 6, EPSS 0.00688
Exploits: 1, References: 2
Github Security Blog
added 2026/06/16 5:34 p.m., 55 views

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary: An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details: vLLM uses ...

CVSS 8.1, AI score 7.7, EPSS 0.0252
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/06/16 5:34 p.m., 3 views

GHSA-Q8GQ-377P-JQ3R vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary: An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details: vLLM uses ...

CVSS 7.5, AI score 6.2, EPSS 0.00463
Exploits: 1, References: 4
Snyk
added 2026/06/16 5:34 p.m., 8 views

Reachable Assertion

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Reachable Assertion via the resolveobjbyqualname function. An attacker can execute arbitrary code by publishing a malicious model with a crafted...

CVSS 7.5, AI score 6.2, EPSS 0.00463
Exploits: 1, References: 3
NVD
added 2026/06/16 5:16 p.m., 9 views

CVE-2026-42089

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

CVSS 8.6, EPSS 0.00139
Exploits: 1, References: 3
NVD
added 2026/06/16 5:16 p.m., 11 views

CVE-2026-44932

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

CVSS 8.8, EPSS 0.00297
Exploits: 0, References: 6
NVD
added 2026/06/16 5:16 p.m., 15 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, EPSS 0.00193
Exploits: 0, References: 3
NVD
added 2026/06/16 5:16 p.m., 11 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS 7.8, EPSS 0.00161
Exploits: 0, References: 3
NVD
added 2026/06/16 5:16 p.m., 13 views

CVE-2024-24909

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

CVSS 8.8, EPSS 0.00448
Exploits: 0, References: 1
NVD
added 2026/06/16 5:16 p.m., 9 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contains an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability by preloading a malicious executable, leading to arbitrary code execution...

CVSS 6.7, EPSS 0.00099
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/06/16 5:2 p.m., 5 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary: There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-27830. DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

CVSS 8.9, AI score 6.1, EPSS 0.00534
Exploits: 0, Affected Software: 1
CVE
added 2026/06/16 4:32 p.m., 17 views

CVE-2026-47964

Affected software: DNG SDK (version 1.7.1 2536 and earlier). Vulnerability: Heap-based buffer overflow (CWE-122) in the DNG SDK, potentially allowing arbitrary code execution in the context of the current user. Impact: Arbitrary code execution with high impact (confidentiality/integrity/avai...

CVSS 7.8, AI score 6, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 1
OSSF Malicious Packages
added 2026/06/16 4:22 p.m., 6 views

Malicious code in chai-as-tokenized (npm)

Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485. Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...

AI score 6.2
Exploits: 0, References: 2
OSV
added 2026/06/16 4:22 p.m., 7 views

MAL-2026-5902 Malicious code in chai-as-tokenized (npm)

Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485. Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...

AI score 6.3
Exploits: 0, References: 2
EUVD
added 2026/06/16 4:15 p.m., 6 views

EUVD-2026-37131

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

CVSS 8.6, AI score 5.9, EPSS 0.00139
Exploits: 1, References: 3
Cvelist
added 2026/06/16 4:9 p.m., 25 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS 7.8, EPSS 0.00161
Exploits: 0, References: 3
CVE
added 2026/06/16 4:9 p.m., 15 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where deserialization of untrusted data may lead to code execution, privilege escalation, data tampering, and information disclosure. The connected NVIDIA security bulletin confirms affected product: NVIDIA NeMo Framework for Linux, with af...

CVSS 7.8, AI score 5.6, EPSS 0.00161
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/06/16 4:9 p.m., 14 views

EUVD-2026-37130

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS 7.8, AI score 5.5, EPSS 0.00161
Exploits: 0, References: 3
Cvelist
added 2026/06/16 4:8 p.m., 25 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, EPSS 0.00193
Exploits: 0, References: 3
RedHat Linux
added 2026/06/16 3:55 p.m., 7 views

ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the analyzestring function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data...

CVSS 9.8, AI score 5.9, EPSS 0.00414
Exploits: 1, References: 8