Lucene search
+L

66 matches found

redhatcve
redhatcve
added 2026/06/29 5:2 a.m.11 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service ReDoS vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

7.5CVSS5.8AI score0.00321EPSS
Exploits1References5
astralinux
astralinux
added 2026/06/23 11:48 a.m.6 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: rpl: Reserve enough headroom for the MAC header when recompressing the SRH. The function ipv6rplsrhrcv decompresses the RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses it, and then...

9.8CVSS6.5AI score0.00475EPSS
Exploits0References3
nvd
nvd
added 2026/06/20 7:16 p.m.14 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

7.5CVSS0.00321EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/20 6:27 p.m.7 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/06/20 6:27 p.m.12 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
cve
cve
added 2026/06/20 6:27 p.m.21 views

CVE-2025-71379

CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/20 6:27 p.m.26 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS0.00321EPSS
Exploits1References2
packetstormnews
packetstormnews
added 2026/06/08 12:0 a.m.20 views

Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem

The prosperity of text-to-image T2I models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation LoRA plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS4.8AI score0.00368EPSS
Exploits0References1
euvd
euvd
added 2026/06/02 12:31 a.m.14 views

EUVD-2026-33833

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References7
nvd
nvd
added 2026/06/01 11:16 p.m.14 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00368EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/01 11:0 p.m.12 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
osv
osv
added 2026/06/01 11:0 p.m.4 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References8
cve
cve
added 2026/06/01 11:0 p.m.48 views

CVE-2026-10300

SGLang 0.5.10.post1 contains a vulnerability in the Inference HTTP Endpoint, specifically in python/sglang/srt/lora/lora_manager.py where manipulation of the lora_path argument can trigger a reachable assertion. The issue is exposed over the network with high attack complexity and no authenticati...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/01 11:0 p.m.33 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00368EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.13 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...

6.3CVSS4.9AI score0.00368EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.20 views

PT-2026-45663

Name of the Vulnerable Software and Affected Versions SGLang version 0.5.10.post1 Description A flaw exists in the Inference HTTP Endpoint component within the file python/sglang/srt/lora/lora manager.py. Remote manipulation of the lora path argument can trigger a reachable assertion, potentially...

6.3CVSS6AI score0.00368EPSS
Exploits0References15
packetstormnews
packetstormnews
added 2026/05/28 12:0 a.m.34 views

Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...

5.8AI score
Exploits0
nvd
nvd
added 2026/04/07 8:16 p.m.7 views

CVE-2025-14857

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS0.00243EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/07 7:58 p.m.9 views

CVE-2025-14859

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

7CVSS6AI score0.0011EPSS
Exploits0References2
Rows per page
Query Builder