77 matches found
CVE-2026-41322
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...
EUVD-2026-22962
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
EUVD-2026-22970
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
EUVD-2026-22973
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20147
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20147
Cisco CVE-2026-20147 affects Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated, remote attacker with valid administrative credentials can exploit insufficient input validation via a crafted HTTP request to execute arbitrary commands on the device’s underlying OS, potentially gain...
EUVD-2025-12672
Malicious code in bioql PyPI...
CVE-2025-55207
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
Open Redirect
Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Open Redirect via the trailingSlash configuration in standalone mode with the Node deployment adapter. An attacker can redirect users to external sites by crafting URLs with double...
CVE-2025-55207 @astrojs/node's trailing slash handling causes open redirect issue
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
CVE-2025-55207
Astro CVE-2025-55207 describes an Open Redirect vulnerability in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone mode with trailingSlash set to "always", URLs like https://example.com//astro.build/press can redirect to //astro.build/press, en...
PT-2025-33494 · Astro · Astro
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 9.4.1 Description: Astro is a web framework for content-driven websites. An open redirect vulnerability exists in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone...
CVE-2025-20264
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms fo...
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
Affected Environments Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by...
CVE-2025-30202
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...
CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...
CVE-2025-30202
CVE-2025-30202 affects vLLM versions 0.5.2 up to 0.8.4 (prior to 0.8.5) in multi-node deployments. The root cause is an XPUB ZeroMQ socket bound to ALL interfaces on the primary host used for tensor parallelism, which can be accessed by any client with network access. This allows potential data e...
GHSA-9F8F-2VMF-885J Data exposure via ZeroMQ on multi-node vLLM deployment
Impact In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (cisco-sa-ise-multivuls-FTW9AOXF)
According to its self-reported version, Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities is affected by multiple vulnerabilities. - A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary comman...