Insertion of Sensitive Information into Log File
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...
PT-2026-49617
CVE ID: CVE-2026-54296; Published: June 15, 2026, 6:31 p.m. (1 hour, 19 minutes ago); Description: None; Severity: 0.0 | NA
PT-2026-49614
CVE ID: CVE-2026-54292; Published: June 15, 2026, 6:33 p.m. (1 hour, 17 minutes ago); Description: None; Severity: 0.0 | NA
PT-2026-49616
CVE ID: CVE-2026-54295; Published: June 15, 2026, 6:32 p.m. (1 hour, 18 minutes ago); Description: None; Severity: 0.0 | NA
CVE-2026-34692
creationtimestamp| type| source
---|---|---
2026-06-12 00:03:29+00:00| seen| https://bsky.app/profile/experiencedigest.bsky.social/post/3mo2guhgkry2y...
PT-2026-48486
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified). Description: A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...
EUVD-2026-35309
The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...
JLSEC-2026-608
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
MAL-2026-5278 Malicious code in spateo-release (PyPI)
Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293. Version 1.1.2 was compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
CVE-2026-6638
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
CVE-2026-35400
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2026-48866
creationtimestamp| type| source
---|---|---
2026-06-05 14:00:07+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87442
2026-06-05 15:00:18+00:00| published-proof-of-concept| Telegram/I55EnFdJmYEBchmRtkjPCUSn7qv5UvMe7YwNG8H83xOzV0w
2026-06-05 21:00:04+00:00| published-proof-of-concept...
CVE-2026-35906
creationtimestamp| type| source
---|---|---
2026-06-03 17:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87170
2026-06-03 21:00:04+00:00| seen| Telegram/kE9cLUPBGVlQM0eKet2aE5O-03aGK7deKtr42pLnxraAufk...
CVE-2025-15656
creationtimestamp| type| source
---|---|---
2026-06-03 11:24:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mneyq3vs6v2v
2026-06-04 02:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mngjolkpeg25...
PT-2026-48942
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
Malicious Package
Overview: imillegal1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...
Malicious Package
Overview: nottuff24 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
CVE-2026-20982
creationtimestamp| type| source
---|---|---
2026-06-01 18:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/86872...
CVE-2026-10249
creationtimestamp| type| source
---|---|---
2026-06-01 13:25:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mna6kqr6zb2p...
Advisory ROSA-SA-2026-3311
Component: avahi 0.8
OS: ROSA-CHROME
Unaffected versions: = avahi-0.8-12.git35bb1b.11
Affected versions: avahi-0.8-12.git35bb1b.11
CVE-ID: CVE-2026-34933
BDU-ID: None
CVE-Crit: Medium
CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...