2454994 matches found
CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...
bypass-code-defender
ansi ┌──root💀bypass- └─ cat /etc/bypass-code/about ───...
Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81e8a23a71a5288646495c50a46c2814ffc0668d9c24ed04e1abd9e8758b5ea2 Package is published under the name 'zod-pino' suggesting a Zod/Pino logging integration but the shipped contents are unrelated to that purpose. The...
MAL-2026-6273 Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81e8a23a71a5288646495c50a46c2814ffc0668d9c24ed04e1abd9e8758b5ea2 Package is published under the name 'zod-pino' suggesting a Zod/Pino logging integration but the shipped contents are unrelated to that purpose. The...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
Summary @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed whose escapeCsv helper only handles RFC 4180 delimiter/quote/newline escaping. It does not neutralize the standard CSV formula-injection prefixes =, +, -...
GHSA-7GH7-258J-4MPQ @actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
Summary @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed whose escapeCsv helper only handles RFC 4180 delimiter/quote/newline escaping. It does not neutralize the standard CSV formula-injection prefixes =, +, -...
CVE-2026-48500
Summary: Filament (Laravel components) had an unauthenticated temporary file upload issue on some auth-related schemas. Affected versions: 3.0.0–3.3.52, 4.11.5, and 5.6.5. Root cause: The Livewire component embeddings could apply WithFileUploads to forms that don’t require uploads, allowing unaut...
CVE-2026-48500 Filament: Unauthenticated temporary file upload on auth pages
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...
CVE-2026-48500
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...
EUVD-2026-38394
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...
CVE-2026-48500 Filament: Unauthenticated temporary file upload on auth pages
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...
CVE-2026-48505
Filament’s MFA recovery-code handling (versions 4.0.0–4.11.5 and 5.6.5) allows the same recovery code to be reused under concurrent submissions. When recovery codes are enabled, an attacker with the user’s password and codes can establish multiple authenticated sessions per code, extending access...
CVE-2026-48505 Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...
CVE-2026-48505
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...
EUVD-2026-38392
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...