600 matches found

OSV
added 2026/03/27 3:27 p.m. | 2 views

GHSA-7972-PG2X-XR59 vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out

Summary: Two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code...

8.8 CVSS | 6.8 AI score | 0.01364 EPSS
Exploits 0 | References 5
Github Security Blog
added 2026/03/27 3:27 p.m. | 29 views

vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out

Summary: Two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code...

8.8 CVSS | 6.6 AI score | 0.01364 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2026/03/27 12:16 a.m. | 2 views

CVE-2026-27893

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8 CVSS | 0.01364 EPSS
Exploits 0 | References 15
OSV
added 2026/03/26 11:56 p.m. | 5 views

CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8 CVSS | 6.5 AI score | 0.01364 EPSS
Exploits 0 | References 5
Cvelist
added 2026/03/26 11:56 p.m. | 24 views

CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8 CVSS | 0.01364 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/03/26 11:56 p.m. | 2 views

CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8 CVSS | 6.5 AI score | 0.01364 EPSS
Exploits 0 | References 3
CVE
added 2026/03/26 11:56 p.m. | 16 views

CVE-2026-27893

CVE-2026-27893 affects vLLM’s inference/serving engine. From version 0.10.1 up to (but not including) 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user’s --trust-remote-code=False security opt-out. This enables remote code execu...

8.8 CVSS | 6.5 AI score | 0.01364 EPSS
Exploits 0 | References 15 | Affected Software 1
Github Security Blog
added 2026/03/26 7:8 p.m. | 4 views

OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.

Summary: Synology Chat reply delivery could rebind to a mutable username match instead of the stable numeric userid recorded by the webhook event. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

8.1 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2026/03/26 3:4 p.m. | 6 views

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder (td-subscription) allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3...

7.1 CVSS | 5.9 AI score | 0.0019 EPSS
Exploits 0 | References 1
Packet Storm News
added 2026/03/22 12:0 a.m. | 6 views

When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners

To comply with data protection regulations such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), websites widely deploy cookie consent banners to collect users' privacy preferences. In practice, however, these interfaces often embed dark patterns tha...

5.8 AI score
Exploits 0
ATTACKERKB
added 2026/03/20 10:30 p.m. | 2 views

CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocke...

6.8 CVSS | 5.8 AI score | 0.00489 EPSS
Exploits 1 | References 2 | Affected Software 1
NVD
added 2026/03/19 10:16 p.m. | 4 views

CVE-2026-32009

OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can...

7.8 CVSS | 0.00133 EPSS
Exploits 0 | References 3
EUVD
added 2026/03/19 9:30 a.m. | 2 views

EUVD-2025-208860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

7.1 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits 0 | References 2
NVD
added 2026/03/19 9:16 a.m. | 3 views

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder (td-subscription) allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3...

7.1 CVSS | 0.0019 EPSS
Exploits 0 | References 1
CVE
added 2026/03/19 8:10 a.m. | 14 views

CVE-2025-53222

CVE-2025-53222 affects tagDiv Opt-In Builder (td-subscription) and is a Reflected XSS in input that is generated into web pages. Affected versions are from an unspecified starting point up to and including 1.7.3. The issue has a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, low t...

7.1 CVSS | 5.9 AI score | 0.0019 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/03/19 8:10 a.m. | 2 views

CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder (td-subscription) allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3...

7.1 CVSS | 5.2 AI score | 0.0019 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/19 8:10 a.m. | 2 views

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

7.1 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/19 8:10 a.m. | 25 views

CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder (td-subscription) allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3...

7.1 CVSS | 0.0019 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/03/19 12:0 a.m. | 4 views

PT-2026-26267

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS. This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

7.1 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits 0 | References 3
CNNVD
added 2026/03/19 12:0 a.m. | 6 views

WordPress plugin tagDiv Opt-In Builder cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1 CVSS | 5.7 AI score | 0.0019 EPSS
Exploits 0 | References 1