15342 matches found
CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...
CVE-2026-50526
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
CVE-2026-47481
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
CVE-2026-50526
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
CVE-2026-24226
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
CVE-2026-24226
NVIDIA TensorRT-LLM for Linux (CVE-2026-24226) is affected; the vulnerability is described as improper control of code generation, potentially enabling code execution, data tampering, and information disclosure. The NVIDIA security bulletin lists affected versions 0.0 to v1.3.0rc12 with an update...
CVE-2026-24259
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
CVE-2026-24259
CVE-2026-24259 affects NVIDIA TensorRT-LLM for Linux. The vulnerability is described as missing authentication for a critical function, with potential outcomes including code execution, data tampering, and information disclosure. According to the NVIDIA security update, for this CVE the remediati...
CVE-2026-24229
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, dat...
CVE-2026-24229
CVE-2026-24229 affects NVIDIA TensorRT-LLM for Linux, specifically the disaggregated orchestrator. The issue allows an attacker to read, write, or delete internal cluster state by sending requests to the FastAPI server, potentially enabling information disclosure, data tampering, and denial of se...
CVE-2026-47473
NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure...
CVE-2026-47473
CVE-2026-47473 affects NVIDIA TensorRT-LLM. The vulnerability is a write-what-where condition in TensorRT-LLM components, with potential impacts including data tampering, denial of service, and information disclosure as described in multiple sources. NVIDIA’s security update table lists this CVE ...
CVE-2026-47471
NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service...
CVE-2026-47471
NVIDIA TensorRT-LLM (any platform) is reported vulnerable to a heap-based buffer overflow in tensor deserialization (CVE-2026-47471). Affected component: TensorRT-LLM’s tensor deserialization pathway. Consequences described: information disclosure, data tampering, and denial of service. Exploitat...
CVE-2026-47472
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service...
CVE-2026-47472
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer (CVE-2026-47472). A local, same-user attacker could trigger deserialization, with potential impacts including code execution, information disclosure, data tampering, and denial of service. The NVIDIA security up...
CVE-2026-47481
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
CVE-2026-47481
CVE-2026-47481 affects NVIDIA Triton Inference Server for Linux. The vulnerability enables authentication bypass via an alternative path or channel, with potential for code execution, privilege escalation, information disclosure, and data tampering. NVIDIA’s security bulletin indicates remediatio...
EUVD-2026-44394
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
CVE-2026-50526
CVE-2026-50526 describes an issue in .NET where improper link resolution before file access ("link following") can allow an authorized local attacker to tamper with files. Multiple sources document the same description and note a local attack vector with high impact on confidentiality, integrity,...