PT-2026-38410

Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description A bypass of the trust remote code security gate in the DiffusionPipeline.from pretrained function allows arbitrary remote code execution, even when trust remote code is set to False or left as...

GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

openSUSE Security Update : nodejs (openSUSE-2016-1172)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...

SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)

This update to net-snmp resolves the following issues : - Specially crafted SNMP GET requests could cause a denial of service application crash via a heap-based out-out-bounds read flaw which could be exploited remotely. CVE-2012-2141 - The snmpd agent should read shared memory information from...