Lucene search
K

75 matches found

NVD
NVD
added 2026/07/06 9:16 p.m.10 views

CVE-2026-55514

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 8:7 p.m.29 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 7:49 p.m.3 views

CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/06 7:49 p.m.35 views

CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS0.00343EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:49 p.m.6 views

CVE-2026-54234

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/06 7:41 p.m.3 views

CVE-2026-55646 vLLM speech-to-text endpoints allocate full upload before enforcing the audio file-size limit

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 7:41 p.m.5 views

EUVD-2026-41914

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56000

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.24.0 Description The structured outputs.regex API parameter allows user-supplied regular expression strings to be passed to grammar compiler backends without a compilation timeout. In the xgrammar backend, the string i...

8.7CVSS6AI score0.00324EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55978

Name of the Vulnerable Software and Affected Versions vLLM versions 0.22.0 through 0.23.0 Description The software fails to validate the size of uploaded audio files before loading them into memory. Specifically, the endpoints '/v1/audio/transcriptions' and '/v1/audio/translations' execute the...

6.5CVSS6.2AI score0.00289EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55997

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.24.0 Description A flaw in the rejection sampler during multi-request speculative decoding workloads allows the production of a recovered token equal to the model vocabulary size boundary value. This value is converted...

7.5CVSS5.9AI score0.00343EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/29 12:24 p.m.15 views

EUVD-2026-33284

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 6:16 p.m.25 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 5:57 p.m.8 views

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:57 p.m.14 views

EUVD-2026-31947

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:57 p.m.8 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/26 5:57 p.m.39 views

CVE-2026-42448

CVE-2026-42448 affects the Python package magic-wormhole . A vulnerability in the receive path occurs when the receiver specifies --output and that target directory already exists, enabling a path traversal. Documentation in multiple sources confirms this flaw and its fix: upgrade to version 0.2...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 5:57 p.m.45 views

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 5:57 p.m.3 views

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS6AI score0.00197EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Magic Wormhole 路径遍历漏洞

Magic Wormhole is an open-source, secure cross-computer file transfer tool. Versions of Magic Wormhole prior to 0.24.0 contained a path traversal vulnerability, which was due to the possibility of path traversal when the recipient specified an output directory...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 8:40 p.m.8 views

GHSA-CF92-GFCW-6V53 Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References3
Rows per page
Query Builder