Lucene search
+L

32 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44953

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-24271

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-24271

NVIDIA TensorRT-LLM’s OpenAI-compatible inference API (CVE-2026-24271) is vulnerable to unthrottled GPU resource allocation, potentially causing denial of service. The affected product is NVIDIA TensorRT-LLM; the issue stems from uncontrolled resource allocation within the inference API. The secu...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-47475

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-47475

Summary of CVE-2026-47475 (NVIDIA TensorRT-LLM) : A vulnerability in the OpenAI-compatible inference API could allow an attacker to trigger a reachable assertion in the sampler thread, potentially causing a denial of service. The issue is scoped to NVIDIA TensorRT-LLM, with local attack vector an...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-62186

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57888

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.6.8 Description An authorization bypass exists in OpenAI-compatible HTTP model overrides. This issue allows callers with lower trust levels to perform actions that typically require stronger authorization checks...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 3:50 p.m.13 views

CVE-2026-54033

LibreChat exposes an SSRF risk in its baseURL handling: prior to version 0.8.4-rc1, an authenticated user could set a custom OpenAI-compatible API endpoint baseURL and have requests constructed without SSRF validation (no private IP check, no scheme restriction, no DNS pinning). This allowed dire...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:50 p.m.36 views

CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:50 p.m.7 views

EUVD-2026-39460

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 10:16 a.m.12 views

CVE-2026-5497

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS0.00543EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/11 8:31 a.m.11 views

EUVD-2026-36217

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References2
CVE
CVE
added 2026/06/11 8:31 a.m.70 views

CVE-2026-5497

CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9540

A flaw was found in vllm-project vllm, specifically within its OpenAI-compatible Serving Path. A remote attacker could exploit this vulnerability by manipulating certain processing, leading to a denial of service DoS. This could make the affected service unavailable to legitimate users. The issue...

6.9CVSS6AI score0.00427EPSS
Exploits0References10
OSV
OSV
added 2026/05/26 3:32 p.m.6 views

GHSA-98F3-HWG4-4RF7 vllm has Improper Resource Shutdown or Release

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.5AI score0.00427EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/26 2:43 p.m.12 views

Improper Resource Shutdown or Release

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...

6.9CVSS6.1AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 p.m.19 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS0.00427EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 10:30 a.m.13 views

EUVD-2026-31810

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:30 a.m.10 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/26 10:30 a.m.48 views

CVE-2026-9540

CVE-2026-9540 affects vllm-project vllm 0.19.0, specifically an issue in the OpenAI-compatible Serving Path that allows remote manipulation leading to a denial of service. The vulnerability’s exploitation is described as publicly available, with a pull request to fix it awaiting acceptance. CVSS ...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7
Rows per page
Query Builder