Lucene search
K

461 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-566 vLLM Deserialization of Untrusted Data vulnerability

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

9.8CVSS6.6AI score0.01424EPSS
Exploits1References6
NVD
NVD
added 2026/06/28 12:17 p.m.10 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/14 5:26 p.m.31 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS0.00407EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

VMware Spring AMQP 安全特征问题漏洞

VMware Spring AMQP is a message queue integration framework developed by the American company VMware. There is a security vulnerability in VMware Spring AMQP, which stems from the use of a fixed reply queue ID in the RabbitTemplate.sendAndReceive method, making it predictable due to an internal...

4.4CVSS5.3AI score0.00173EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/03 9:6 p.m.14 views

malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.1AI score0.00174EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 1:23 p.m.10 views

CVE-2026-9844 Vulnerability in navify® Digital Pathology

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 7:16 p.m.11 views

CVE-2026-49121

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.8CVSS0.01104EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:9 p.m.8 views

CVE-2026-49121

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References4
CVE
CVE
added 2026/06/01 5:9 p.m.43 views

CVE-2026-49121

CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/06/01 5:9 p.m.18 views

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45540

Name of the Vulnerable Software and Affected Versions AI Tensor Engine for ROCm AITER versions prior to 0.1.15 Description An unauthenticated remote code execution issue exists in the MessageQueue.recv function within shm broadcast.py. This occurs because a ZMQ SUB socket lacks authentication,...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-2607

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

5.1CVSS5.8AI score0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:38 a.m.40 views

CVE-2026-49199

The CVE-2026-49199 entry describes a root‑level RCE via crafted MQTT messages, enabling command injection on the target device. Connected records identify Predator Connect W6x as affected (CVE-2026-49199 CVE Record). The core issue is a vulnerability in handling MQTT payloads that allows arbitrar...

10CVSS6.2AI score0.01338EPSS
Exploits0References1Affected Software1
Information Security Automation
Information Security Automation
added 2026/05/25 5:0 p.m.15 views

May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader

May "In the Trend of VM" 27: high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. While the previous April edition featured only one vulnerability, this one...

8.8CVSS7AI score0.96666EPSS
Exploits248
Microsoft CVE
Microsoft CVE
added 2026/05/22 8:1 a.m.6 views

net/rds: handle zerocopy send cleanup before the message is queued

...

7.8CVSS5.4AI score0.00123EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Media: MediTech; vcodec: Fix resource leaks in vdecmsgqueueinit. If any error occurs in vdecmsgqueueinit, we need to set “msgqueue-wdmaaddr.size = 0;”. Normally, this is done within the vdecmsgqueuedeinit function. However, if...

6.1AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

9.8CVSS8.5AI score0.01602EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kcm: Fixed error handling for SOCKDGRAM in kcmsendmsg. Syzkaller identified a memory leak in kcmsendmsg, and the commit c821a88bd720 "kcm: Fix memory leak in the error path of kcmsendmsg" suppressed this issue by updating...

5.7AI score0.00225EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fixed a possible memory leak in initmqueuefs The commit details are as follows: db7cfc380900 "ipc: Free mqsysctls if ipc namespace creation failed" This is a similar memory leak to the one fixed by the above patch. A...

5.7AI score0.00198EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipc: A memory leak has been fixed in initmqueuefs. When setupmqsysctls failed in initmqueuefs, the mqueue inode cachep is not released. To address this issue, the release path has been reordered...

5.5CVSS5.6AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder