18 matches found

Snyk
added 2026/03/24 10:30 p.m. · 2 views

Deserialization of Untrusted Data

Overview: megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the quantization configuration loading process. An attacker can execute arbitrary code,...

8.5 CVSS · 6.1 AI score · 0.0036 EPSS
Exploits 0 · References 2

Snyk
added 2026/03/24 10:30 p.m. · 3 views

Deserialization of Untrusted Data

Overview: megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...

8.5 CVSS · 6.1 AI score · 0.00074 EPSS
Exploits 0 · References 2

Nvidia
added 2026/03/24 12:0 a.m. · 8 views

Security Bulletin: NVIDIA Megatron LM - March 2026

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.15.3 or later from NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security. Details: The following table summarizes the potential vulnerabilities that this security...

7.8 CVSS · 6.1 AI score · 0.0036 EPSS
Exploits 0 · Affected Software 1

NVD
added 2026/01/21 9:16 p.m. · 4 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6 CVSS · 0.00623 EPSS
Exploits 1 · References 2

EUVD
added 2026/01/21 9:6 p.m. · 3 views

EUVD-2026-3779

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits 1 · References 2

Cvelist
added 2026/01/21 9:6 p.m. · 14 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6 CVSS · 0.00492 EPSS
Exploits 1 · References 2

Vulnrichment
added 2026/01/21 9:6 p.m. · 1 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits 1 · References 2

OSV
added 2026/01/21 9:6 p.m. · 2 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2026/01/21 8:54 p.m. · 2 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6 CVSS · 5.8 AI score · 0.00623 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2026/01/21 8:54 p.m. · 12 views

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

9.6 CVSS · 6 AI score · 0.00623 EPSS
Exploits 1 · References 2 · Affected Software 1

EUVD
added 2026/01/21 8:54 p.m. · 3 views

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6 CVSS · 6 AI score · 0.00623 EPSS
Exploits 1 · References 2

CNNVD
added 2026/01/21 12:0 a.m. · 4 views

5ire security vulnerabilities

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained security vulnerabilities. These vulnerabilities stemmed from insecure HTML rendering, which allowed unauthorized HTML execution. This could allow attackers to inject malicio...

9.6 CVSS · 6.1 AI score · 0.00623 EPSS
Exploits 1 · References 3

Positive Technologies
added 2026/01/21 12:0 a.m. · 2 views

PT-2026-3864

Name of the Vulnerable Software and Affected Versions: 5ire versions prior to 0.15.3 Description: 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...

9.6 CVSS · 6 AI score · 0.00492 EPSS
Exploits 1 · References 10

OSV
added 2025/05/07 5:32 p.m. · 8 views

GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default

Summary: When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details: n/a...

7.1 CVSS · 6.9 AI score · 0.00102 EPSS
Exploits 1 · References 6

Github Security Blog
added 2023/08/16 9:0 p.m. · 37 views

@excalidraw/excalidraw Cross-site Scripting vulnerability

Impact: XSS vulnerability due to improperly sanitizing URLs of links that can be attached on canvas elements. This affects users of the npm package @excalidraw/excalidraw provided it was deployed in environments where untrusted user input in drawings that are then shared with third parties is a...

6.1 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits 0 · References 6 · Affected Software 1

RubySec
added 2022/12/19 12:0 a.m. · 17 views

active_attr Improper Resource Shutdown or Release vulnerability

A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit ha...

7.5 CVSS · 1.8 AI score · 0.00882 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/12/18 12:0 a.m. · 3 views

PT-2022-11602 · Cgriego · Active Attr

Name of the Vulnerable Software and Affected Versions: cgriego active attr versions up to 0.15.3 Description: A problematic vulnerability has been found in the cgriego active attr component, specifically affecting the function call of the file lib/active attr/typecasting/boolean typecaster.rb of...

7.5 CVSS · 4.5 AI score · 0.00882 EPSS
Exploits 1 · References 15

OSV
added 2021/05/31 3:39 p.m. · 12 views

default search paths use Terraform Registry for custom providers in Terraform version 0.15.3

In Hashicorp Terraform version 0.15.3 the default search paths use Terraform Registry for custom providers if they exist in the terraform plan which can be attacked via code processed by the CI/CD pipeline using "terraform plan" resulting in Remote code Execution, exfiltration of environmental...

4.5 AI score
Exploits 0 · References 3