PT-2026-48537

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

EUVD-2026-30404

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

Debian dsa-6215 : gimp - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6215 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6215-1 [email protected]...

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

[SECURITY] Fedora 44 Update: wireshark-4.6.4-2.fc44

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

EUVD-2026-12946

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

CVE-2026-31965

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...

CVE-2026-31962

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

CVE-2019-12408

It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...

EUVD-2021-19118

Malware in sbrugna...

EUVD-2020-16448

Malware in sbrugna...

EUVD-2010-0130

Malware in sbrugna...

EUVD-2018-13169

Malware in sbrugna...

EUVD-2021-14923

Malware in sbrugna...

EUVD-2021-31182

Malicious code in bioql PyPI...

EUVD-2024-3068

Malicious code in bioql PyPI...

EUVD-2024-54925

Malicious code in bioql PyPI...

EUVD-2021-31183

Malicious code in bioql PyPI...

EUVD-2021-31186

Malicious code in bioql PyPI...