Lucene search
+L

156 matches found

Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.8 views

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/02 11:16 a.m.9 views

CVE-2026-0599

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS0.22494EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.5 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References2
CVE
CVE
added 2026/02/02 10:36 a.m.26 views

CVE-2026-0599

CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/02 10:36 a.m.8 views

EUVD-2026-5137

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5654

Name of the Vulnerable Software and Affected Versions huggingface/text-generation-inference version 3.3.6 huggingface/text-generation-inference versions prior to 3.3.7 Description A flaw exists in huggingface/text-generation-inference that allows unauthenticated remote attackers to cause a...

7.5CVSS7.4AI score0.22494EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.6 views

CVE-2022-38394

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...

9.8CVSS7.4AI score0.00947EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: cobbler (TSSA-2025:0578)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0578 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS5.6AI score0.03948EPSS
Exploits6References2
Patchstack
Patchstack
added 2025/10/22 11:9 p.m.9 views

WordPress Academy LMS Pro plugin <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon vulnerability

Unauthenticated Privilege Escalation via Social Login Addon vulnerability discovered by Thái An in WordPress Plugin Academy LMS Pro versions = 3.3.7...

8.1CVSS6.7AI score0.00367EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/22 11:25 a.m.5 views

CVE-2025-11086 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

8.1CVSS5.9AI score0.00367EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-5814

Malware in sbrugna...

9.8CVSS8.8AI score0.02308EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-5815

Malware in sbrugna...

8.8CVSS8.6AI score0.29683EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/22 7:33 a.m.11 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS6.2AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2025/09/20 7:15 a.m.4 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS0.00318EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An open redirect vulnerability exists in the returnpage redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 commit...

6.1CVSS6.4AI score0.01879EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-13566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to...

8.8CVSS8.1AI score0.01576EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/14 8:41 p.m.3 views

Information Exposure

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Information Exposure via the user details API endpoint. An attacker can obtain basic information about users, such as name, affiliation, and email, by...

6.5CVSS6.4AI score0.00565EPSS
Exploits2References2
CVE
CVE
added 2025/07/14 8:14 p.m.39 views

CVE-2025-53640

CVE-2025-53640 – Indico user details disclosure via API/endpoint . Indico (event management platform) uses Flask-Multipass for authentication. Until fixed in v3.3.7, a specific endpoint that presents user details in fields such as ACLs could be abused to bulk-dump basic user data (name, affiliati...

6.5CVSS7.3AI score0.00565EPSS
Exploits2References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.6 views

CVE-2023-23327

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...

4.9CVSS6.5AI score0.00818EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:6 p.m.3 views

CVE-2022-34869

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8CVSS7.3AI score0.00986EPSS
Exploits0References1
Rows per page
Query Builder