1773 matches found
CVE-2026-57286
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...
EUVD-2026-38766
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...
CVE-2026-57286
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...
CVE-2026-57286
CVE-2026-57286 describes a missing permission check in the Jenkins Git Parameter Plugin (462.vdcf3df2ed2ca_ and earlier). This allows users with Item/Read permission to obtain information about the SCM repository used by a job (e.g., branch names, tag names, and revision metadata). The impact is ...
CVE-2026-47155
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...
CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...
CVE-2026-47155
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...
CVE-2026-47155
CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: Rejects the reuse of ALARM timer labels in revision 0 rules. In revision 0 rules, reusing timers by label always involves calling modtimer on the uninitialized timer-timer. If the label was created first i...
MINI-RJP8-XC83-R6HQ
Bulletin has no description...
GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...
Use of Incorrectly-Resolved Name or Reference
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference through several model loading paths. An attacker can make the server load a different Hugging Face...
CVE-2026-34905
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...
CVE-2026-25699
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...
PT-2026-48537
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...