Exploit for CVE-2023-12345

Shadow-Scan - Advanced Security Audit Framework 🔥 Overview...

CVE-2026-22585

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

Azure Linux 3.0 Security Update: pam (CVE-2024-10963)

The version of pam installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10963 advisory. - A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...

@backstage-community/plugin-scaffolder-backend-module-amplication (=0.4.0), @backstage-community/plugin-scaffolder-backend-module-annotator (=2.9.0) +33 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-node (>=0.0.0-nightly-20240929023448 <=0.11.1-next.0)

@backstage/plugin-scaffolder-node NPM version =0.0.0-nightly-20240929023448, =2.8.0, =0.0.0-nightly-20240116021644, =0.0.0-nightly-2022122206, =0.0.0-nightly-20231213021616, =0.0.0-nightly-20231213021616, =0.3.14-next.0 and more...

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

EUVD-2026-3678

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

CVE-2026-22807

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

GHSA-H3HW-29FV-2X75 @envelop/graphql-modules has a Race Condition vulnerability

Summary Context race condition when using useGraphQLModules plugin Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the...

@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @frontside/backstage-plugin-graphql (>=0.1.0 <=0.6.0) +4 more potentially affected by unknown CVE via @envelop/graphql-modules (>=0.2.1 <=6.0.0)

@envelop/graphql-modules NPM version =0.2.1, =0.0.0, =0.1.0, =0.1.7, =0.2.6, =0.1.0, =0.7.0, =0.9.6 Source cves: unknown CVE Source advisory: OSV:GHSA-H3HW-29FV-2X75...

EUVD-2026-3671

@envelop/graphql-modules has a Race Condition vulnerability...

Race Condition

Overview @envelop/graphql-modules is a This plugins integrates graphql-modules execution lifecycle into the GraphQL execution flow. Affected versions of this package are vulnerable to Race Condition via the useGraphQLModules plugin. An attacker can cause request context data to be mixed between...

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

Remote Code Execution (RCE)

fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...

Improper Security Checks For Unsafe Imports

Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafeimports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

WordPress Supreme Modules Lite plugin code issue vulnerability

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...