7860 matches found
PYSEC-2026-158
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
CVE-2026-35043
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
PYSEC-2026-158
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
CVE-2026-35043
CVE-2026-35043 affects BentoML prior to 1.4.38. The cloud deployment path in bentoml/_internal/cloud/deployment.py interpolates system_packages directly into a shell command in the generated setup.sh, enabling remote code execution on the CI/CD cloud build infrastructure during deployment. The is...
CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify (CVE-2025-15599, CVE-2026-0540)
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify CVE-2025-15599, CVE-2026-0540. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...
BentoML 操作系统命令注入漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.38, there was a vulnerability related to operating system command injection. This vulnerability stemmed...
CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry
Severity 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...
Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core
Post-quantum signature schemes such as ML-DSA-65 produce signatures of 3,309 bytes and public keys of 1,952 bytes over 50 times larger than classical Ed25519. In TLS-authenticated environments like Kubernetes control planes and 5G Core networks, where every inter-component connection is mutually...
Command Injection
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Command Injection in the systempackages parameter of the deployment setup process. An attacker can execute arbitrary commands on the cloud build infrastructure by injecting...
BentoML: Command Injection in cloud deployment setup script
Commit ce53491 March 24 fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...
PT-2026-30281
Commit ce53491 March 24 fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/ internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...
Windows Persistence via UserInitMprLogonScript
This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...
CVE-2026-31935
A flaw was found in Suricata. A remote attacker can exploit this vulnerability by sending a flood of crafted HTTP2 continuation frames. This can lead to memory exhaustion, causing the Suricata process to shut down, resulting in a Denial of Service DoS. Mitigation To mitigate this issue, consider...
Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown
A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history...
[SECURITY] Fedora 43 Update: bpfman-0.5.4-5.fc43
bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...
[SECURITY] Fedora 42 Update: bpfman-0.5.4-6.fc42
bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...
PT-2026-29420
Name of the Vulnerable Software and Affected Versions Cloudreve versions prior to 4.13.0 Description Cloudreve is a self-hosted file management and sharing system. Versions prior to 4.13.0 use a weak pseudo-random number generator math/rand seeded with time to generate critical security secrets,...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +151 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.1.0)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - ai.agentican:agentican-framework-core =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1,...