Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 7:34 a.m.8 views

CVE-2026-54236

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending specially crafted malformed image bytes through the Anthropic Messages API. This action causes an error message to be generated that...

5.3CVSS5.6AI score0.00796EPSS
Exploits1References6
NVD
NVD
added 2026/06/22 11:16 p.m.11 views

CVE-2026-54236

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS0.00796EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 10:9 p.m.39 views

CVE-2026-54236

CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...

5.3CVSS5.9AI score0.00796EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.27 views

RHEL 6 : libxslt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxslt: Heap overread due to an empty decimal-separator CVE-2016-4738 - libxslt: xsltCheckRead and...

9.8CVSS8.4AI score0.05102EPSS
Exploits3References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2011-0195

The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202...

4.3CVSS8.8AI score0.01027EPSS
Exploits0References3
Veracode
Veracode
added 2019/01/15 8:57 a.m.38 views

Information Leakage

libxslt is vulnerable to an information leakage. It happens because generate-id function in libxslt/functions.c exposes sensitive information about heap memory addresses...

4.3CVSS9AI score0.02416EPSS
Exploits1References16Affected Software3
Tenable Nessus
Tenable Nessus
added 2012/10/12 12:0 a.m.41 views

Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)

Multiple vulnerabilities has been discovered and corrected in libxslt : Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors CVE-2011-1202. libxslt 1.1.26 and earlier does not properly manage memory,...

6.8CVSS8.8AI score0.02455EPSS
Exploits1References4
NVD
NVD
added 2011/04/15 8:55 p.m.29 views

CVE-2011-1713

Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202...

4.3CVSS9.1AI score0.11195EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2011/04/15 8:55 p.m.41 views

CVE-2011-1712

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap...

4.3CVSS5.9AI score0.0107EPSS
Exploits1References1
Prion
Prion
added 2011/04/15 8:55 p.m.26 views

Design/Logic Flaw

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap...

4.3CVSS6.6AI score0.0107EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2011/04/15 8:55 p.m.30 views

Design/Logic Flaw

Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202...

4.3CVSS6.2AI score0.11195EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2011/03/11 2:1 a.m.24 views

CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT...

4.3CVSS9AI score0.02416EPSS
Exploits1References12
NVD
NVD
added 2010/10/08 10:0 p.m.25 views

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

4.3CVSS6.1AI score0.16803EPSS
Exploits1References4
Prion
Prion
added 2010/10/08 10:0 p.m.17 views

Design/Logic Flaw

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

4.3CVSS6.7AI score0.16803EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2010/10/08 9:0 p.m.40 views

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

6.1AI score0.16803EPSS
Exploits1References4
CVE
CVE
added 2010/10/08 9:0 p.m.75 views

CVE-2010-3886

The CVE-2010-3886 issue affects Microsoft Internet Explorer (mshtml.dll), specifically the CTimeoutEventList::InsertIntoTimeoutList function. The vulnerability arises from using a pointer value as part of Timer ID generation for setTimeout/setInterval in VBScript and JScript, enabling information...

4.3CVSS6.3AI score0.16803EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder