PT-2026-51652

CERT disclosed CVE-2026-30040 and CVE-2026-30041 in FastStone Image Viewer 8.3; JP2 and PSD parsers may allow remote code execution or denial-of-service. https://t.co/ZP17y5QMQj...

VulnCheck KEV: CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

VulnCheck KEV: CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

CVE-2026-39253

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...

CVE-2026-39253

CVE-2026-39253 affects Pivotal CRM v6.6.04.08. The vulnerability enables a remote attacker to execute arbitrary code via the components Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll , caused by insecure deserialization (CWE-502). The CVSSv3.1 base score is 8.1 (HIGH) w...

PT-2026-51547

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.65.0 Description Improper trust boundary enforcement in Amazon Q IDE plugins allows for arbitrary code execution. If a local user opens a maliciously crafted workspace and trusts it when prompted,...

PT-2026-51631

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description Gogs fails to sanitize organization names, allowing the use of path traversal sequences ../. This enables the storage and retrieval of repository data at arbitrary locations on the filesystem. A...

PT-2026-51624

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description Remote code execution is possible in the server-side Rebase before merging workflow. The issue occurs because the software invokes git rebase using a pull request base branch name without a "--"...

PT-2026-51629

Name of the Vulnerable Software and Affected Versions Gogs versions 0.14.0 through 0.14.2 Description An issue exists where the UploadRepoFiles function only checks for symbolic links at the leaf of the upload target using osx.IsSymlink, unlike other functions that validate every component of the...

Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...

GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerabilities

Summary Multiple exploitable OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. Confirmed...

GeoVision GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the DVRSearch CMDIPSET functionality of GV-I/O Box 4E versions: 2.09. A specially crafted network request can lead to a arbitrary code execution. An attacker can send a network request to trigger these vulnerabilities. Confirme...

CVE-2026-41523

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

EUVD-2026-32587

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata...

MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

CVE-2026-47155

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

CVE-2026-41523

vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...