1314 matches found
ALPINE-CVE-2024-36350
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information...
UBUNTU-CVE-2024-36348
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if the UMIP feature is enabled, potentially resulting in information leakage...
CVE-2025-3648
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...
CVE-2025-3648
The CVE-2025-3648 entry concerns the Now Platform, where data could be inferred without authorization under certain conditional ACL configurations. The vulnerability allows unauthenticated and authenticated users to use range query requests to infer instance data not meant to be accessible. Techn...
AMD Processors Security Vulnerability
AMD Processors is a line of processors from AMD. A security vulnerability exists in AMD Processors that originates from a user process that may speculatively infer control registers, potentially leading to information disclosure...
AMD Processors Security Vulnerability
AMD Processors is a line of processors from AMD. A security vulnerability exists in AMD Processors that originates from a user process that may infer TSC_AUX, potentially leading to information disclosure...
AMD Processors Security Vulnerability
AMD Processors is a line of processors from AMD. AMD Processors suffers from a security vulnerability that stems from the possibility that an attacker could infer previously stored data, potentially leading to the disclosure of privileged information...
Moderate: Red Hat Security Advisory: Red Hat AI Inference Server 3.0 (CUDA)
Red Hat AI Inference Server 3.0 (CUDA) is now available. Red Hat® AI Inference Server...
Moderate: Red Hat Security Advisory: Red Hat AI Inference Server 3.0 (ROCm)
Red Hat AI Inference Server 3.0 (ROCm) is now available. Red Hat® AI Inference Server...
Cascade: Token-Sharded Private LLM Inference
As LLMs continue to increase in parameter size, the computational resources required to run them are available to fewer parties. Therefore, third-party inference services -- where LLMs are hosted by third parties with significant computational resources -- are becoming increasingly popular...
CVE-2025-6920
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/ endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows...
CVE-2025-6920 Ai-inference-server: authentication bypass via unprotected inference endpoint in api
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/ endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows...
CVE-2025-6920
CVE-2025-6920 affects ai-inference-server: the POST /invocations endpoint bypasses API key validation, permitting unauthorized access to inference features and potentially backend resources. Affected: model inference API under /v1/*; root cause: authentication enforcement failure on /invocations....
PT-2025-27527 · Unknown · Ai-Inference-Server
Name of the Vulnerable Software and Affected Versions: ai-inference-server (affected versions not specified). Description: A flaw was found in the authentication enforcement mechanism of a model inference API. The issue affects the "/v1/" endpoints, where API key validation is expected but not...
CVE-2025-52566
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize, src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing...
Amplifying Machine Learning Attacks through Strategic Compositions
Machine learning (ML) models are proving to be vulnerable to a variety of attacks that allow the adversary to learn sensitive information, cause mispredictions, and more. While these attacks have been extensively studied, current research predominantly focuses on analyzing each attack type...
SecONNds: Secure Outsourced Neural Network Inference on ImageNet
The widespread adoption of outsourced neural network inference presents significant privacy challenges, as sensitive user data is processed on untrusted remote servers. Secure inference offers a privacy-preserving solution, but existing frameworks suffer from high computational overhead and...