vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct...

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE),...

A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The...

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655

Microsoft Defender Portal Spoofing Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459

Azure Monitor Elevation of Privilege Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62207

Microsoft SharePoint Online Elevation of Privilege Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245

Azure Bastion Elevation of Privilege Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object...

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the argument Name leads to cross site scripting. The...

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. More information : https://gist.github.com/Israel0x00/8a81ec98162e9ca8e4a3a6c8b4ef4762

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. More information : https://www.ibm.com/support/pages/node/7252019

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. More information : https://www.ibm.com/support/pages/node/7252019