HUSTOJ Path Traversal Vulnerability

HUSTOJ is a popular OJ system developed by Zhang Haobin zhblue from China. Versions of HUSTOJ before 26.01.24 contained a path traversal vulnerability. This vulnerability stemmed from the improper cleaning of file names in uploaded ZIP archives by the problemimportqduoj.php and problemimporthoj.p...

Linux Distros Unpatched Vulnerability : CVE-2026-24808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects...

PT-2026-4893

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

CVE-2025-67274

CVE-2025-67274 affects continuous.software aangine v.2025.2. An issue in the excel-integration-service template download module, the integration-persistence-service job listing module, and the portfolio-item-service data retrieval module endpoints allows a remote attacker to obtain sensitive info...

pnpm security vulnerabilities

PNPM is a package manager developed by the open-source project Pnpm. Versions of Pnpm prior to 10.28.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trac...

Exploit for CVE-2023-12345

Shadow-Scan - Advanced Security Audit Framework 🔥 Overview...

CVE-2026-22585

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

Azure Linux 3.0 Security Update: pam (CVE-2024-10963)

The version of pam installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10963 advisory. - A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...

@backstage-community/plugin-scaffolder-backend-module-amplication (=0.4.0), @backstage-community/plugin-scaffolder-backend-module-annotator (=2.9.0) +33 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-node (>=0.0.0-nightly-20240929023448 <=0.11.1-next.0)

@backstage/plugin-scaffolder-node NPM version =0.0.0-nightly-20240929023448, =2.8.0, =0.0.0-nightly-20240116021644, =0.0.0-nightly-2022122206, =0.0.0-nightly-20231213021616, =0.0.0-nightly-20231213021616, =0.3.14-next.0 and more...

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

CVE-2026-22807

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

EUVD-2026-3678

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @frontside/backstage-plugin-graphql (>=0.1.0 <=0.6.0) +4 more potentially affected by unknown CVE via @envelop/graphql-modules (>=0.2.1 <=6.0.0)

@envelop/graphql-modules NPM version =0.2.1, =0.0.0, =0.1.0, =0.1.7, =0.2.6, =0.1.0, =0.7.0, =0.9.6 Source cves: unknown CVE Source advisory: OSV:GHSA-H3HW-29FV-2X75...