11953 matches found
MINI-RJP8-XC83-R6HQ
Bulletin has no description...
MINI-5X68-866F-V52F
Bulletin has no description...
MINI-878G-P8RJ-CQ5M
Bulletin has no description...
MINI-RCGX-HGC5-45FX
Bulletin has no description...
MINI-MC42-68PH-R2G5
Bulletin has no description...
MINI-77M3-X2C2-CX62
Bulletin has no description...
SUSE CVE-2026-47165
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge-response authentication model. This has been changed in versions 6.9.13-48 an...
Arbitrary File Write
open-webui/open-webui is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of file paths in the downloadmodel endpoint on Windows, which allows an attacker to manipulate file paths and write files to arbitrary locations on the server...
CVE-2026-46432
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46517
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems
Nowadays, the autonomous execution of cyberattacks capable of causing substantial real-world harm is widely regarded as one of the critical red lines that frontier AI systems must not cross. Within this broader red-line scenario, autonomous penetration represents a core enabling capability and...
PT-2026-48637
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...
MINI-RH55-X2W5-88RC
Bulletin has no description...
EUVD-2026-36177
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...
CVE-2026-48251
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-48250
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47983
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47935
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-34692
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...