Lucene search
K

224 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 7:59 a.m.7 views

CVE-2026-53140

A flaw was found in the Linux kernel's drm/v3d driver. This vulnerability occurs because a specific function, v3drewritecsdjobwgcountsfromindirect, does not correctly release virtual address mappings under certain conditions, specifically when workgroup counts are zero. This oversight results in ...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 10:9 p.m.5 views

CVE-2026-54236

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS5.9AI score0.00796EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 10:9 p.m.23 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS0.00796EPSS
Exploits1References3
OSV
OSV
added 2026/06/17 2:4 p.m.4 views

GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

5.3CVSS5.7AI score0.00796EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50491

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description An incomplete fix for a previous memory leak issue allows unauthenticated attackers to leak heap memory addresses. The system fails to properly sanitize error messages in several response paths,...

5.3CVSS6.7AI score0.00796EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

5.7CVSS5.5AI score0.00428EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 9:14 p.m.37 views

CVE-2026-43897 Link Preview JS: vunerable to IPv6 and internal loopback attacks

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

8.7CVSS0.00432EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 7:10 p.m.18 views

CVE-2026-45179

CVE-2026-45179 affects Plack::Middleware::Statsd for Perl, with versions before 0.9.0 potentially leaking user IP addresses if the statsd channel is not secured (e.g., UDP to a different network). Since 0.9.0, IPs are no longer logged unless configured; when configured, an HMAC signature of the I...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/09 10:7 p.m.6 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 4:16 p.m.4 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/28 12:0 a.m.36 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.4 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 12:0 a.m.5 views

EUVD-2025-209582

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 11:16 p.m.4 views

UBUNTU-CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

5.7CVSS5.8AI score0.00428EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab 18.8.9,...

4.3CVSS5.9AI score0.00264EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 9:30 p.m.6 views

EUVD-2025-208323

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

6.2AI score0.00233EPSS
Exploits1References2
CVE
CVE
added 2026/03/05 12:0 a.m.12 views

CVE-2025-70616

CVE-2025-70616 affects the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The issue is a stack buffer overflow caused by missing bounds checking on the user-controlled Options parameter before copying into a 40-byte stack buffer Src[40] via m...

7.8CVSS6.2AI score0.00233EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 1:18 a.m.5 views

CVE-2025-67476 Importing leaks IP address of importer via EventStreams

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from before 1.44.3, 1.45.1...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 1:18 a.m.12 views

CVE-2025-67476

CVE-2025-67476 affects Wikimedia Foundation MediaWiki, with the flaw located in includes/Import/ImportableOldRevisionImporter.Php. Affects MediaWiki versions before 1.44.3 and before 1.45.1. The Red Hat advisory describes a remote-facing issue where a low-privilege attacker could disclose sensiti...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/02 11:16 p.m.10 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.03816EPSS
Exploits0References15
Rows per page
Query Builder