Lucene search
K

49 matches found

CVE
CVE
added 2026/01/30 7:16 a.m.25 views

CVE-2026-25211

Llama Stack (llama-stack)

3.2CVSS5.9AI score0.00219EPSS
Exploits1References2
OSV
OSV
added 2026/01/30 7:16 a.m.7 views

CVE-2026-25211

Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...

3.2CVSS5.9AI score0.00219EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.5 views

PT-2026-5384

Name of the Vulnerable Software and Affected Versions Llama Stack versions prior to 0.4.0rc3 Description The software does not properly conceal the pgvector password within the initialization logs, potentially exposing sensitive credentials. Recommendations Update to version 0.4.0rc3 or later...

3.2CVSS6.1AI score0.00219EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.6 views

Llama Stack log information leakage vulnerability

Llama Stack is a core building block for simplified artificial intelligence application development, open-sourced by Meta Llama. Versions of Llama Stack prior to 0.4.0rc3 contained a vulnerability related to log information leakage. This vulnerability stemmed from the fact that the log...

3.2CVSS6AI score0.00219EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/01/16 12:46 p.m.203 views

Exploit for CVE-2024-50050

--- 💀 LlamaStack-RCE: CVE-2024-50050 Supply Chain Exploitatio...

6.3CVSS7.9AI score0.00886EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/07 12:32 p.m.6 views

CVE-2026-1234

A security issue was identified in the Llama Stack server when PGVector is used as a vector store provider. During initialization, the server logs print the PGVector database password in clear text. This occurs due to insufficient redaction of sensitive configuration fields. As a result, anyone...

7.3CVSS6.4AI score
Exploits0References3
Veracode
Veracode
added 2025/11/06 8:9 a.m.6 views

Remote Code Execution (RCE)

Llama Stack is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of parameters in the resolveastbytype function, which allows an attacker to supply malicious input leading to arbitrary code execution...

5.3CVSS8AI score0.0047EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31066

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.0047EPSS
Exploits0References5
OSV
OSV
added 2025/09/24 9:30 p.m.3 views

GHSA-X75H-M6JJ-6CJ2 Llama Stack could potentially allow for remote code execution

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

5.3CVSS8AI score0.0047EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/09/24 9:30 p.m.6 views

lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: SNYK:PYTHON-LLAMASTACK-13109624...

5.3CVSS5.8AI score0.0047EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 9:30 p.m.6 views

lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: OSV:GHSA-X75H-M6JJ-6CJ2...

5.3CVSS5.8AI score0.0047EPSS
Exploits0
Snyk
Snyk
added 2025/09/24 9:30 p.m.2 views

Cross-site Scripting (XSS)

Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Cross-site Scripting XSS via the resolveastbytype function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters. Details Cross-site scripting or XSS...

6.9CVSS5.4AI score0.0047EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.8 views

Llama Stack could potentially allow for remote code execution

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

5.3CVSS8.1AI score0.0047EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/09/24 7:15 p.m.6 views

CVE-2025-55178

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

5.3CVSS0.0047EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 7:15 p.m.5 views

CVE-2025-55178

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

5.3CVSS8.1AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2025/09/24 6:31 p.m.17 views

CVE-2025-55178

Summary: Llama Stack versions prior to 0.2.20 are reported to be vulnerable to remote code execution due to unverified parameters accepted by the resolve_ast_by_type function. This root cause is consistently described across multiple sources (CVE-2025-55178 entries and related advisories). Affect...

5.3CVSS7.6AI score0.0047EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/24 6:31 p.m.1 views

CVE-2025-55178

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

7.6AI score0.0047EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/24 6:31 p.m.10 views

CVE-2025-55178

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

0.0047EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.4 views

PT-2025-39321

Name of the Vulnerable Software and Affected Versions Llama Stack versions prior to 0.2.20 Description The software accepts unverified parameters in the resolve ast by type function, which may allow for remote code execution. Recommendations Update to version 0.2.20 or later...

5.3CVSS6.2AI score0.0047EPSS
Exploits0References14
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

Llama Stack 安全漏洞

Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in Llama Stack versions prior to v0.2.20, which stems from the resolveastbytype function accepting unvalidated parameters, which could lead to remote code execution...

5.3CVSS7.5AI score0.0047EPSS
Exploits0References3
Rows per page
Query Builder