Lucene search
+L

21 matches found

redhatcve
redhatcve
added 2026/07/08 5:0 a.m.6 views

CVE-2026-55514

A flaw was found in vLLM, a library for Large Language Model LLM inference and serving. A remote attacker, authorized to make a /v1/completions request, can send a specially crafted prompt embeds payload. This action causes the EngineCore to fail an assertion and fatally crash, leading to a Denia...

7.1CVSS5.9AI score0.0037EPSS
Exploits0References7
nvd
nvd
added 2026/07/06 9:16 p.m.12 views

CVE-2026-55514

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/06 8:7 p.m.5 views

CVE-2026-55514

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS6AI score0.0037EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/07/06 8:7 p.m.4 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS6AI score0.0037EPSS
Exploits0References6
cve
cve
added 2026/07/06 8:7 p.m.15 views

CVE-2026-55514

CVE-2026-55514 affects the vLLM library (inference/serving) from versions 0.12.0 through older than 0.24.0. Sending a pure prompt embeds payload in a /v1/completions request for a model using M-RoPE triggers an EngineCore assertion, causing a fatal crash that shuts down the entire server applicat...

7.1CVSS6AI score0.0037EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-387 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.7AI score0.01256EPSS
Exploits1References9
osv
osv
added 2026/05/15 8:37 p.m.4 views

CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS7.2AI score0.003EPSS
Exploits1References3
cve
cve
added 2026/05/15 7:20 p.m.26 views

CVE-2026-45349

Open WebUI had a broken access control issue for the completions API ( /api/chat/completions ) allowing a user to continue another user’s conversation if they knew the other user’s Chat ID. This privacy/policy bypass could expose private conversations. The issue affects prior to version 0.9.0 and...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/05/14 8:24 p.m.21 views

GHSA-GFM2-XM6C-37QC Open WebUI has Broken Access Control for Completions API

Summary Any user X can continue the conversation of any other user Y, as long as the Chat ID of Y is known. User X does not even need to be an admin to do so. Details A user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of anoth...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References5
github
github
added 2026/05/06 5:23 p.m.11 views

QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

7.1CVSS7.2AI score0.00258EPSS
Exploits1References4Affected Software1
redhatcve
redhatcve
added 2025/11/25 7:7 a.m.14 views

CVE-2025-62426

A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chattemplatekwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...

6.5CVSS6.4AI score0.00326EPSS
Exploits0References8
cvelist
cvelist
added 2025/11/21 1:18 a.m.18 views

CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE

vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...

8.8CVSS0.00849EPSS
Exploits0References3
osv
osv
added 2025/11/21 1:18 a.m.3 views

CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE

vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...

8.8CVSS8.1AI score0.00849EPSS
Exploits0References5
osv
osv
added 2025/11/20 8:59 p.m.3 views

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS6.5AI score0.00849EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.3 views

PT-2025-47648

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. A memory corruption issue exists in the Completions API endpoint, specifically when processing user-supplied prompt...

9CVSS7.9AI score0.00849EPSS
Exploits0References29
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1088

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01256EPSS
Exploits1References8
snyk
snyk
added 2025/07/08 2:44 a.m.3 views

SQL Injection

Overview airda is an airda Affected versions of this package are vulnerable to SQL Injection via the execute function in the /v1/chat/completions file when processing the question argument. An attacker can access or modify sensitive data, or disrupt application functionality by sending crafted...

6.5CVSS7.9AI score0.00248EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/05/30 12:0 a.m.6 views

vLLM 安全漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A security vulnerability exists in vLLM versions prior to 0.8.0 through 0.9.0, which stems from the use of an invalid jsonschema call to the /v1/completions API that could cause the serv...

6.5CVSS6.3AI score0.00453EPSS
Exploits1References5
osv
osv
added 2024/09/17 6:33 p.m.9 views

GHSA-W2R7-9579-27HF vLLM denial of service vulnerability

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...

8.7CVSS5.8AI score0.00676EPSS
Exploits0References7
cvelist
cvelist
added 2024/04/10 5:7 p.m.27 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS10AI score0.01256EPSS
Exploits1References2
Rows per page
Query Builder