2 matches found
CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
CVE-2025-48922 GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GLightbox allows Cross-Site Scripting XSS.This issue affects GLightbox: from 0.0.0 before 1.0.16...