CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

348 matches found

CVE-2026-54236

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending specially crafted malformed image bytes through the Anthropic Messages API. This action causes an error message to be generated that...

5.3CVSS5.6AI score0.00796EPSS

Exploits1References6

OSV•added 3 days ago•2 views

UBUNTU-CVE-2026-53133

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...

7.8CVSS5.7AI score0.00129EPSS

Exploits0References11

EUVD•added 4 days ago•4 views

EUVD-2026-39338

5.7AI score0.00129EPSS

Exploits0References9

CVE•added 4 days ago•8 views

CVE-2026-53133

The CVE-2026-53133 entry concerns the Linux kernel RDMA/umem component where an IOMMU-assisted mapping can split a very large block across multiple SG entries. During reassembly in __rdma_block_iter_next(), 32-bit stack values can overflow, causing incorrect DMA addresses for blocks at or beyond ...

7.8CVSS5.7AI score0.00129EPSS

Exploits0References8

NVD•added last week•10 views

CVE-2026-54236

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS0.00796EPSS

Exploits1References3

CVE•added last week•25 views

CVE-2026-54236

CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...

5.3CVSS5.9AI score0.00796EPSS

Exploits1References3Affected Software1

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed corrupted packets for XDPSHAREDUMEM. A issue was addressed in the XDPSHAREDUMEM mode, along with the aligned mode, where packets were corrupted for the second and any subsequent sockets bound to the same umem. In other...

5.5CVSS5.5AI score0.0018EPSS

Exploits0References2

Github Security Blog•added 2026/06/11 1:28 p.m.•11 views

netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access

The netty-incubator-codec-ohttp library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations, provides a fallback path for direct ByteBufs that do not expose their memory address through hasMemoryAddress...

9.1CVSS5.8AI score0.00174EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/04/27 6:4 a.m.•26 views

CVE-2026-3008 Vulnerability in Notepad++

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

6.6CVSS0.00224EPSS

Exploits1References5

ATTACKERKB•added 2026/04/27 6:4 a.m.•3 views

CVE-2026-3008

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

10CVSS5.3AI score0.00224EPSS

Exploits1References6Affected Software1

CVE•added 2026/04/27 6:4 a.m.•166 views

CVE-2026-3008

CVE-2026-3008 is a Notepad++ string-injection vulnerability in the Find Results flow. A vulnerability in sub_1400916C0 formats the Find Results count label using a localized string from nativeLang.xml as the wsprintfW format string, with no validation of the string flow. This can cause a crash (D...

6.6CVSS5.3AI score0.00224EPSS

Exploits1References5

CNNVD•added 2026/04/27 12:0 a.m.•7 views

Notepad++ 格式化字符串错误漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...

6.6CVSS6AI score0.00224EPSS

Exploits1References1

Positive Technologies•added 2026/04/27 12:0 a.m.•6 views

PT-2026-35357

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.4 Description A string injection issue exists in the FindInFiles function of the text editor, stemming from flaws in the formatting string processing mechanism. Successful exploitation could allow an attacker to...

6.6CVSS6AI score0.00224EPSS

Exploits1References33

Debian CVE•added 2026/02/04 4:8 p.m.•4 views

CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

5.5CVSS5.2AI score0.00123EPSS

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-1691

Malware in sbrugna...

4.7CVSS5.3AI score0.02118EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-17635

Malware in sbrugna...

5.5CVSS6.8AI score0.03661EPSS

Exploits0References4