PT-2026-42668
Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain". The accurate description of this vulnerability is: "`get_model_arch` and related helpers hardcode `trust_remote_code=True` with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this...
c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects
A flaw was found in c3p0, a Java Database Connectivity (JDBC) connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...
Security Bulletin: CVE-2025-36024 vulnerability has been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary: DS8900F and DS8A00 updates have been released to remediate user enumeration errors. Review the Vulnerability Details section below for additional information. Vulnerability Details: CVEID: CVE-2025-36024. DESCRIPTION: IBM System Storage DS8000 could allow a remote attacker to obtain sensitiv...
PT-2023-16286 · Google · YouTube Embedded 1.2 SDK
Name of the Vulnerable Software and Affected Versions: YouTube Embedded 1.2 SDK. Description: The YouTube Embedded 1.2 SDK has a potential vulnerability in its binding logic. After binding to a service within the YouTube Main App, a remote context is created with the flags Context.CONTEXT_INCLUDE...