17 matches found
CVE-2025-29770 vulnerabilities
Vulnerabilities for packages: py3.10-vllm-cuda-11.8, tritonserver-backend-vllm...
CVE-2025-29770
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-19 18:43:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncxpzy2l |
| 2025-03-19 18:49:28+00:00 | seen | https://t.me/cvedetector/20651... |
CVE-2025-29770 vLLM denial of service via outlines unbounded cache on disk
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...
CVE-2025-29770
CVE-2025-29770 affects vLLM’s guided_decoding outlines backend. The vulnerability arises because outlines_logits_processors.py unconditionally uses outlines’ on-disk grammar cache, enabling a malicious user to send many short decoding requests with unique schemas and exhaust the filesystem, causi...
CVE-2024-29770
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2...
CVE-2024-29770
CVE-2024-29770 — Reflected XSS in Pretty Links Shortlinks (Shortlinks by Pretty Links). Affected: Shortlinks plugin up to 3.6.2. Root cause: improper neutralization of input during web page generation. Impact: Low confidentiality, integrity, and availability impact per the CVSS; exploitation requ...
CVE-2024-29770 WordPress Pretty Links plugin <= 3.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2...
WordPress Shortlinks by Pretty Links Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Shortlinks by Pretty Links
Type: Plugin
Vulnerable versions: <= 3.6.2
Fixed in: 3.6.3
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-29770
Patch priority: Medium
CVSS severity: Medium 7.1
PSID: b1b0efcde695
Credits: Rafie Muhammad...
CVE-2023-29770
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-17 12:12:05+00:00 | seen | https://t.me/ctinow/155586... |
CVE-2023-29770
In CVE-2023-29770, Sentrifugo 3.5 is affected by a vulnerability in AssetsController::uploadsaveAction that allows an authenticated attacker to upload arbitrary files without extension filtering. Per the description, the attacker must be authenticated, with impact described a...
CVE-2022-29770
| creationtimestamp | type | source |
|---|---|---|
| 2022-06-04 00:26:49+00:00 | seen | https://t.me/cibsecurity/43831... |
CVE-2022-29770
XXL-Job v2.3.0 is identified as vulnerable to a stored cross-site scripting (XSS) flaw exposed via /xxl-job-admin/jobinfo. The CVE-Catalog entry and multiple security trackers (GHSA, CNVD, OSV, NVD) describe this vulnerability as stored XSS, affecting XXL-Job’s admin/jobinfo endpoint. Public refe...
CVE-2021-29770
| creationtimestamp | type | source |
|---|---|---|
| 2021-07-26 16:11:16+00:00 | seen | https://t.me/cibsecurity/26475... |
CVE-2021-29770
CVE-2021-29770 affects IBM i2 Analyze and Analyst’s Notebook Premium. The issue arises from hazardous input validation in certain data fields that can allow an authenticated user to perform unauthorized actions. Affected products/versions include IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2. The IBM ad...
Security Bulletin: i2 Analyse and Analyst's Notebook Premium have hyperlink clicking vulnerability (CVE-2021-29770)
Summary: IBM i2 Analyse and Analyst's Notebook Premium are vulnerable to malicious hyperlinks in certain data fields.
Vulnerability Details:
CVEID: CVE-2021-29770
DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow an authenticated user to perform unauthorized actions due to hazardous input...