Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/20 6:27 p.m.20 views

CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/20 6:27 p.m.6 views

CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.47 views

CVE-2026-56340

vLLM versions >= 0.10.2 and

8.8CVSS5.9AI score0.00352EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/01/08 9:47 p.m.176 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.8AI score0.00849EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/08 9:47 p.m.5 views

GHSA-MCMC-2M55-J8JJ vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.7AI score0.00849EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0193

Malware in sbrugna...

6.3CVSS6.3AI score0.0072EPSS
Exploits1References8
OSV
OSV
added 2020/09/25 7:15 p.m.23 views

PYSEC-2020-278

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed...

5.8CVSS2.2AI score0.00537EPSS
Exploits1References3
PyPA
PyPA
added 2020/09/25 7:15 p.m.8 views

PYSEC-2020-121

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed...

5.8CVSS6.9AI score0.00537EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder