Lucene search
K

7860 matches found

PyPA
PyPA
added 2026/04/06 6:16 p.m.6 views

PYSEC-2026-158

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS6.5AI score0.00315EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2026/04/06 6:16 p.m.6 views

CVE-2026-35043

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS0.00315EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 6:16 p.m.11 views

PYSEC-2026-158

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS6.5AI score0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 5:10 p.m.1 views

CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS6.5AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 5:10 p.m.10 views

CVE-2026-35043

CVE-2026-35043 affects BentoML prior to 1.4.38. The cloud deployment path in bentoml/_internal/cloud/deployment.py interpolates system_packages directly into a shell command in the generated setup.sh, enabling remote code execution on the CI/CD cloud build infrastructure during deployment. The is...

7.8CVSS6.5AI score0.00315EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 5:10 p.m.15 views

CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS0.00315EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 4:27 p.m.19 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify (CVE-2025-15599, CVE-2026-0540)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify CVE-2025-15599, CVE-2026-0540. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...

6.1CVSS5.9AI score0.0034EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.11 views

BentoML 操作系统命令注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.38, there was a vulnerability related to operating system command injection. This vulnerability stemmed...

7.8CVSS6.2AI score0.00315EPSS
Exploits1References2
Cloud Foundry
Cloud Foundry
added 2026/04/06 12:0 a.m.8 views

CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry

Severity 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...

8.6CVSS5.3AI score0.00364EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.0 views

Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core

Post-quantum signature schemes such as ML-DSA-65 produce signatures of 3,309 bytes and public keys of 1,952 bytes over 50 times larger than classical Ed25519. In TLS-authenticated environments like Kubernetes control planes and 5G Core networks, where every inter-component connection is mutually...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/03 10:3 p.m.1 views

Command Injection

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Command Injection in the systempackages parameter of the deployment setup process. An attacker can execute arbitrary commands on the cloud build infrastructure by injecting...

8.5CVSS6.1AI score0.00315EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/03 10:3 p.m.13 views

BentoML: Command Injection in cloud deployment setup script

Commit ce53491 March 24 fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...

7.8CVSS6.4AI score0.00315EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30281

Commit ce53491 March 24 fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/ internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...

7.8CVSS6.4AI score0.00315EPSS
Exploits2References5
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.146 views

Windows Persistence via UserInitMprLogonScript

This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 4:43 p.m.3 views

CVE-2026-31935

A flaw was found in Suricata. A remote attacker can exploit this vulnerability by sending a flood of crafted HTTP2 continuation frames. This can lead to memory exhaustion, causing the Suricata process to shut down, resulting in a Denial of Service DoS. Mitigation To mitigate this issue, consider...

7.5CVSS6AI score0.00272EPSS
Exploits0References5
Wired Threat Level
Wired Threat Level
added 2026/04/02 10:0 a.m.4 views

Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown

A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/02 1:6 a.m.4 views

[SECURITY] Fedora 43 Update: bpfman-0.5.4-5.fc43

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

8.7CVSS5.9AI score0.005EPSS
Exploits1
Fedora
Fedora
added 2026/04/02 12:43 a.m.6 views

[SECURITY] Fedora 42 Update: bpfman-0.5.4-6.fc42

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

8.7CVSS5.9AI score0.005EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29420

Name of the Vulnerable Software and Affected Versions Cloudreve versions prior to 4.13.0 Description Cloudreve is a self-hosted file management and sharing system. Versions prior to 4.13.0 use a weak pseudo-random number generator math/rand seeded with time to generate critical security secrets,...

9.8CVSS6AI score0.00376EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/03/30 5:26 p.m.9 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +151 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.1.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - ai.agentican:agentican-framework-core =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1,...

6.1CVSS7.4AI score0.00222EPSS
Exploits0
Rows per page
Query Builder