CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/14 12:0 a.m.•21 views

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code understanding, but reliable detection still requires grounding ...

5.9AI score

Packet Storm News•added 2026/05/13 12:0 a.m.•53 views

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

6.4AI score

Cvelist•added 2026/05/12 7:58 p.m.•33 views

CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

6.5CVSS0.00367EPSS

Exploits0References2

EUVD•added 2026/05/12 6:30 p.m.•5 views

EUVD-2026-29559

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

6.3AI score0.00508EPSS

OSV•added 2026/05/12 6:30 p.m.•3 views

GHSA-G76P-4VG5-F4QH llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

Github Security Blog•added 2026/05/12 6:30 p.m.•10 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

Exploits0References4Affected Software1

NVD•added 2026/05/12 6:16 p.m.•7 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS0.00409EPSS

Exploits0References2

UbuntuCve•added 2026/05/12 6:16 p.m.•6 views

CVE-2026-31236

OSV•added 2026/05/12 6:16 p.m.•4 views

UBUNTU-CVE-2026-31236

ATTACKERKB•added 2026/05/12 4:25 p.m.•3 views

Exploits0References4

CVE-2026-43992

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

9.8CVSS5.8AI score0.00225EPSS

Exploits0References4Affected Software1

Packet Storm News•added 2026/05/12 12:0 a.m.•8 views

Iterative Audit Convergence in LLM-Managed Multi-Agent Systems: A Case Study in Prompt Engineering Quality Assurance

Prompt specifications for multi-agent large language model LLM systems carry data contracts and integration logic across many interdependent files but are rarely subjected to structured-inspection rigor. This paper reports a single-system empirical case study of iterative, agent-driven auditing...

5.9AI score

CNNVD•added 2026/05/12 12:0 a.m.•6 views

LLM 安全漏洞

LLM is a multi-model large language model command-line interaction tool developed by Simon Willison. Versions of LLM 0.27.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of the --functions command-line parameter to directly execute unsafe code using the exe...

9.8CVSS6.1AI score0.00508EPSS

Exploits0References1

Debian CVE•added 2026/05/12 12:0 a.m.•10 views

CVE-2026-31236

OSV•added 2026/05/11 6:31 p.m.•5 views

GHSA-P58C-Q354-6C4F pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS5.9AI score0.00209EPSS

Exploits0References4

EUVD•added 2026/05/11 4:17 p.m.•9 views

EUVD-2026-21376

LiteLLM has a sandbox escape in custom-code guardrail...

8.8CVSS5.8AI score0.00709EPSS

Exploits2References4

ATTACKERKB•added 2026/05/11 2:35 p.m.•5 views

CVE-2026-7817

7.1CVSS6AI score0.00209EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/11 2:35 p.m.•5 views

CVE-2026-7817 pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints

7.1CVSS6AI score0.00209EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39627

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description Local file inclusion LFI and server-side request forgery SSRF issues exist in the LLM API configuration endpoints. Authenticated users can read arbitrary server-side files by providing a path to the...

7.1CVSS5.9AI score0.00209EPSS

Exploits0References8

Packet Storm News•added 2026/05/11 12:0 a.m.•20 views

Continuous Discovery of Vulnerabilities in LLM Serving Systems with Fuzzing

LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache, batching, prefix sharing, speculative decoding, adapters,...

5.8AI score