PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

CVE-2026-40154

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in...

CVE-2026-40154 PraisonAI Affected by Untrusted Remote Template Code Execution

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in...

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

EUVD-2023-33543

Malicious code in bioql PyPI...

CVE-2024-3958

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

BIT-GITLAB-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVE-2023-2013

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...

CVE-2023-2013

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...

CVE-2023-2013

CVE-2023-2013 affects GitLab CE/EE with versions starting from 1.2 up to 15.10.8, versions from 15.11 up to 15.11.7, and 16.0 up to 16.0.2. The issue arises from a discrepancy between the web application display and the Git CLI, which can be abused to social engineer victims into cloning non-trus...

CVE-2023-2013

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...

CVE-2022-1665

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing...

CVE-2022-1665

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing...

PT-2022-14033 · Red Hat · Red Hat

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux for IBM Power architecture affected versions not specified Description: A set of pre-production kernel packages can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have th...

TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)

Bulletin ID: AMD-SB-1023 Potential Impact: Loss of Integrity, Confidentiality and Availability Summary A malicious hypervisor HV along with an unprivileged process controlled by an attacker and executing in a guest VM, may maliciously control the process of flushing the Translation Lookaside Buff...

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVE-2021-21423

CVE-2021-21423 concerns the projen build tool. The issue centers on the rebuild-bot GitHub workflow (triggered by issue_comment with @projen rebuild) which runs with the repository’s GITHUB_TOKEN and could allow untrusted code to affect the main branch, potentially exposing secrets or altering co...

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2016-5542)

Summary If a JAR file is signed with old, weak hash algorithms, the class files within it can be modified without the change being caught. This potentially enables attackers to inject malicious code into signed code from a trusted third party. Vulnerability Details CVEID: CVE-2016-5542 DESCRIPTIO...