689 matches found
OpenAI Realtime UI 代码问题漏洞
OpenAI Realtime UI is an interactive web application developed by bigsk1, based on OpenAI’s real-time API. It supports tool extensions and integration with Webhooks. There are code-related vulnerabilities in OpenAI Realtime UI; these vulnerabilities stem from operations involving parameters in th...
CVE-2026-34756
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a...
CVE-2026-34756
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
CVE-2026-34756
CVE-2026-34756 affects vLLM OpenAI-compatible API server prior to 0.19.0. The root cause is missing upper-bound validation on the n parameter in ChatCompletionRequest/CompletionRequest, allowing an unauthenticated attacker to send an astronomically large n value that causes the asyncio event loop...
EUVD-2026-19351
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
GHSA-MVV8-V4JJ-G47J Directus: Sensitive fields exposed in revision history
Summary Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an...
GHSA-3MWP-WVH9-7528 vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an...
Apple Live Caller ID Privacy Concerns
Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...
CVE-2026-4399
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
Malicious code in openai-async-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7619c9858e5326f4842462084bc313409a364f2b5c9aa004103c7d33a97c3545 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-17357
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-4399
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-4399
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
PT-2026-29219
Name of the Vulnerable Software and Affected Versions 1millionbot Millie chatbot affected versions not specified Description A prompt injection issue exists in the 1millionbot Millie chatbot. This occurs when a user bypasses chat restrictions using Boolean prompt injection techniques, constructin...
PT-2026-29445
@jxnlco @emilyzsh I think he is referring to that recent CVE-2026-4417 — OpenAI Codex vulnerability where excessive usefulness leads to immediate $200/month spend escalation. No patch available; users report “this is actually worth it” before wallet compromise...