30 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m. · 5 views

SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2026:1330-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1330-1 advisory. - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Rea...

CVSS 9.1 · AI score 5.9 · EPSS 0.00032
Exploits: 0 · References: 16
ATTACKERKB
added 2026/02/16 12:0 a.m. · 3 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

AI score 6.1 · EPSS 0.00039
Exploits: 1 · References: 3
OSV
added 2025/12/02 5:34 p.m. · 1 views

GHSA-8FR4-5Q9J-M8GM vLLM vulnerable to remote code execution via transformers_utils/get_config

Summary: vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This...

CVSS 7.1 · AI score 7.2 · EPSS 0.00045
Exploits: 0 · References: 5
Cvelist
added 2025/12/01 10:45 p.m. · 4 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with...

CVSS 7.1 · EPSS 0.00045
Exploits: 0 · References: 3
Positive Technologies
added 2025/12/01 12:0 a.m. · 3 views

PT-2025-48580

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.11.1 Description: vLLM is an inference and serving engine for large language models (LLMs). A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...

CVSS 8.8 · AI score 7.7 · EPSS 0.00045
Exploits: 0 · References: 11
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-29836

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.02603
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-5690

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.6 · EPSS 0.00232
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-6392

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 7 · EPSS 0.00019
Exploits: 0 · References: 8
Cvelist
added 2025/07/23 3:53 p.m. · 4 views

CVE-2025-2634 Out of Bounds Read Vulnerability in NI LabVIEW when building font map

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and...

CVSS 7.8 · EPSS 0.00068
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:3 a.m. · 5 views

CVE-2024-29909

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Camille Verrier Travelers' Map allows Stored XSS. This issue affects Travelers' Map: from n/a through 2.2.0...

CVSS 6.5 · AI score 8.6 · EPSS 0.00197
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:8 a.m. · 4 views

CVE-2024-12494

The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmltmeetingmap' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00277
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:39 p.m. · 3 views

CVE-2021-30457

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl...

CVSS 9.8 · AI score 6.8 · EPSS 0.00433
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/07 12:0 a.m. · 2 views

PT-2025-20218 · Unknown · Cbx Map For Google Map & Openstreetmap

Name of the Vulnerable Software and Affected Versions: CBX Map for Google Map & OpenStreetMap versions 1.1.12 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means th...

CVSS 6.5 · AI score 7 · EPSS 0.00143
Exploits: 0 · References: 4
Veracode
added 2025/04/08 3:40 a.m. · 8 views

Hash Collision Attack

io.netty.incubator, netty-incubator-codec-quic is vulnerable to Hash Collision Attack. The vulnerability is due to a hash collision in the hash map used to manage connections, which allows remote attackers to perform a Hash DoS attack by initiating connections with colliding Source Connection IDs...

CVSS 5.3 · AI score 7.1 · EPSS 0.00393
Exploits: 0 · References: 5 · Affected Software: 1
Cvelist
added 2025/03/12 9:42 a.m. · 18 views

CVE-2025-21853 bpf: avoid holding freeze_mutex during mmap operation

In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation. We use map->freeze_mutex to prevent races between map_freeze and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex...

EPSS 0.00019
Exploits: 0 · References: 7
Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-46743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of/irq: Prevent device address out-of-bounds read in interrupt map walk. When of_irq_parse_raw is invoked with a device address smaller than the interrupt parent no...

CVSS 7.1 · AI score 6.9 · EPSS 0.00008
Exploits: 0 · References: 3
NVD
added 2025/03/03 2:15 p.m. · 2 views

CVE-2025-23517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS. This issue affects Google Map on Post/Page: from n/a through = 1.1...

CVSS 7.1 · EPSS 0.00112
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/03 2:22 p.m. · 7 views

CVE-2025-23594 WordPress Google Map With Fancybox plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS. This issue affects Google Map With Fancybox: from n/a through <= 2.1.0...

CVSS 7.1 · AI score 7.2 · EPSS 0.00056
Exploits: 0 · References: 1
RedhatCVE
added 2024/12/29 2:45 p.m. · 7 views

CVE-2024-56592

In the Linux kernel, the following vulnerability has been resolved: bpf: Call free_htab_elem after htab_unlock_bucket. For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpf_map_fd_put_ptr will invoke bpf_map_free_id to free the id of the removed map element...

CVSS 5.5 · AI score 6.8 · EPSS 0.00009
Exploits: 0 · References: 4
OSV
added 2024/12/19 3:12 p.m. · 1 views

GHSA-49W6-73CW-CHJR Astro's server source code is exposed to the public if sourcemaps are enabled

Summary: A bug in the build process allows any unauthenticated user to read parts of the server source code. Details: During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

CVSS 7.8 · AI score 5.9 · EPSS 0.1078
Exploits: 1 · References: 8