Malicious code in @wame/ngx-adfs (npm)

Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...

MAL-2026-2416 Malicious code in oc-ccp-module-client (npm)

Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...

CVE-2026-22807

Vulnerability CVE-2026-22807 affects vLLM versions prior to 0.14.0, where during model resolution the engine loads Hugging Face auto_map dynamic modules without gating on trust_remote_code. This allows attacker-controlled Python code in a model repo or path to execute at server startup, before an...

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

EUVD-2025-200115

vLLM vulnerable to remote code execution via transformersutils/getconfig...

PT-2025-48580

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.11.1 Description vLLM is an inference and serving engine for large language models LLMs. A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...

EUVD-2021-23358

Malware in sbrugna...

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic module...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from information disclosure in the DSP service when loading dynamic modules. The following products and versions are affected: FastConnect 6700,...

PT-2023-18287 · Unknown · Dsp Services

Name of the Vulnerable Software and Affected Versions: DSP Services affected versions not specified Description: The issue concerns information disclosure in DSP Services when loading a dynamic module. Recommendations: At the moment, there is no information about a newer version that contains a f...

Huawei EulerOS: Security Advisory for perl-Encode (EulerOS-SA-2022-2878)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : perl-Encode (EulerOS-SA-2022-2433)

According to the versions of the perl-Encode package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in th...

EulerOS 2.0 SP10 : perl-Encode (EulerOS-SA-2022-2420)

According to the versions of the perl-Encode package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in th...

Mageia: Security Advisory (MGASA-2021-0527)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2021-0527 Updated perl/perl-Encode packages fix security vulnerability

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

Updated perl/perl-Encode packages fix security vulnerability

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

Design/Logic Flaw

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...