991 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. CVE-2017-12667 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2017-9130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder FAAC 1.28 allows remote attackers to cause a denial of service invalid memory read...
Linux Distros Unpatched Vulnerability : CVE-2018-19889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory address dereference was discovered in the huffcode function libfaac/huff2.c in Freeware Advanced Audio Coder FAAC 1.29.9.2. The vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2017-9129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wavopenread function in frontend/input.c in Freeware Advanced Audio Coder FAAC 1.28 allows remote attackers to cause a denial of service large loop via a...
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...
GHSA-79J6-G2M3-JGFW vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...
PT-2025-34260 · Unknown +1 · Qwen3 Coder +1
Name of the Vulnerable Software and Affected Versions: vLLM affected versions not specified Description: An unsafe deserialization allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. The issue...
CVE-2025-9141
A vulnerability was found in vLLM's Qwen3 Coder tool parser. Since this parser uses Python's eval function, it poses a risk of arbitrary code execution. This vulnerability appears during the parameter conversion process when the parser attempts to handle complex data types...
Linux Distros Unpatched Vulnerability : CVE-2018-19887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory address dereference was discovered in the huffcode function libfaac/huff2.c in Freeware Advanced Audio Coder FAAC 1.29.9.2. The vulnerability...
SUSE CVE-2025-55154
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been patched in...
Malicious code in interview-coder-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7544d4b6f6bedbc4b2c443dea83d3edf5047cfe7335e138c3060870e7921374d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-2266
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attac...
CVE-2024-2355
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secretcoder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...
CVE-2023-0895
The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2022-4341
A vulnerability has been found in csliuwy coder-chaingdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2021-25053
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...
Coder Code-Server Security Vulnerability
Coder Code-Server is a product developed based on Microsoft's open-source Visual Studio Code by Coder, Inc. It is used to build a convenient and unified development environment for developers. A security vulnerability exists in Coder Code-Server versions prior to 4.99.4 that stems from not proper...
CVE-2024-13726
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress Themes Coder plugin < 1.4.0 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Themes Coder versions 1.4.0...