PT-2026-42668

Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy contains an implicit unsafe remote-code load path because it hardcodes the trust remote code=True parameter when fetching models. This configuration overrides the default-secure stance ...

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

Security Bulletin: CVE-2025-36024 vulnerability have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate user enumeration errors. Review the Vulnerability Details section below for additional information. Vulnerability Details CVEID:CVE-2025-36024 DESCRIPTION: IBM System Storage DS8000 could allow a remote attacker to obtain sensitiv...

PT-2023-16286 · Google · Youtube Embedded 1.2 Sdk

Name of the Vulnerable Software and Affected Versions: YouTube Embedded 1.2 SDK Description: The YouTube Embedded 1.2 SDK has a potential vulnerability in its binding logic. After binding to a service within the YouTube Main App, a remote context is created with the flags Context.CONTEXT INCLUDE...