Lucene search
K

1785 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59828

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References10Affected Software1
OSV
OSV
added 5 days ago1 views

CVE-2026-59828 Discourse: Hidden post revisions leak through adjacent visible diffs

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS6.1AI score0.00314EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-57004

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Post revisions intended to be hidden from regular users may be leaked through visib...

5.3CVSS6.1AI score0.00314EPSS
Exploits0References12
NVD
NVD
added 2026/07/01 4:16 p.m.9 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

9.8CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:23 p.m.17 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki (affected components: includes/Import/WikiImporter.php, includes/Import/WikiRevision.php, includes/Logging/LogEntryBase.php) that affects MediaWiki releases prior to 1.46.0, including 1.45...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.10 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5272 Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline

Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE in github.com/tektoncd/pipeline...

8.5CVSS5.8AI score0.00788EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fixed the issue where the PF driver crashed during kexec kernel booting. During a kexec reboot, the hardware is not power-cycle, so the AF state from the old kernel can persist into the new kernel. When the AF and P...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 2:17 p.m.7 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38766

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.34 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.13 views

CVE-2026-57286

CVE-2026-57286 describes a missing permission check in the Jenkins Git Parameter Plugin (462.vdcf3df2ed2ca_ and earlier). This allows users with Item/Read permission to obtain information about the SCM repository used by a job (e.g., branch names, tag names, and revision metadata). The impact is ...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 11:16 p.m.11 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00146EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 10:20 p.m.5 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/22 10:20 p.m.28 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00146EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 10:20 p.m.46 views

CVE-2026-47155

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/22 10:20 p.m.5 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS6AI score0.00146EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 9:47 p.m.6 views

MINI-RJP8-XC83-R6HQ

Bulletin has no description...

6.1CVSS5.2AI score0.00188EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.14 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder