jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

CVE-2026-7304 CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVE-2026-7304 CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, due to unvalidated deserialization of Python objects via dill.loads(). The CVE-2026-7304 entry reports a CRITICAL impact (ATT&CK/explicit exploi...

CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

EUVD-2026-30766

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

PT-2026-41670

Name of the Vulnerable Software and Affected Versions SGLangs affected versions not specified Description The multimodal generation runtime allows unauthenticated remote code execution when the --enable-custom-logit-processor option is active. This occurs because Python objects loaded via the...

sglang 代码问题漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; these vulnerabilities arise when the --enable-custom-logit-processor option is enabled, resulting in unvalidated deserialization of Python...

CVE-2023-31317

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer ASP could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution...

CVE-2026-43331

A flaw was found in the Linux kernel. When Kernel Coverage KCOV instrumentation is enabled, a local user performing a kexec operation can trigger an invalid state within the x86/kexec component. This invalid state, related to the GS base that KCOV relies on for per-CPU data, causes the kernel to...

CVE-2026-43326

A flaw was found in the Linux kernel, specifically within the schedext component. This vulnerability can lead to a system-wide deadlock, causing a Denial of Service DoS where the system becomes unresponsive. The issue arises when the kernel's scheduling mechanism enters a busy-wait state in a...

The vulnerability was exploited in AMD processors

AMD has addressed a vulnerability in certain processor models through a mitigation measure included in the Windows update of May 2026. This vulnerability affects certain AMD processors. A local malicious actor could exploit this vulnerability to execute arbitrary code on the system. The mitigatio...

CVE-2025-54518

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...

CVE-2025-66664

Insufficient parameter sanitization in AMD Secure Processor ASP TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDLOADGFXIPFW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2023-31316

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2023-31317

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer ASP could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution...

CVE-2025-54518

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...

EUVD-2026-30502

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine VM to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service DOS condition...