
737 matches found

RedhatCVE
added 2026/01/09 8:44 a.m., 23 views

CVE-2022-23560

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8 CVSS, 6.5 AI score, 0.00296 EPSS
Exploits: 1, References: 1

Github Security Blog
added 2026/01/08 9:47 p.m., 12 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8 CVSS, 6.8 AI score, 0.00191 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/01/08 9:47 p.m., 2 views

GHSA-MCMC-2M55-J8JJ vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8 CVSS, 6.7 AI score
Exploits: 0, References: 3

Snyk
added 2026/01/01 6:47 a.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview tenso is a High-performance zero-copy tensor protocol Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing bounds checks during tensor deserialization. An attacker can exploit this by providing crafted serialized data tha...

7.1 CVSS, 6.8 AI score
Exploits: 0, References: 3

RedHat Linux
added 2025/12/15 3:50 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)

Red Hat AI Inference Server 3.2.5 TPU is now available. Red Hat® AI Inference Server...

8.8 CVSS, 7.1 AI score, 0.00591 EPSS
Exploits: 2, References: 12

Veracode
added 2025/12/13 7:29 a.m., 4 views

Remote Code Execution

SGLang is vulnerable to Remote Code Execution. The vulnerability is due to the manipulation of the argument serialized_named_tensors, where the function main of the file /update_weights_from_tensor results in deserialization, and attackers can launch the attack remotely by exploiting this vulnerabilit...

7.5 CVSS, 5.7 AI score, 0.00114 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/12/08 3:36 a.m., 1 view

MAL-2025-192375 Malicious code in tensor-fi-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097848a520bc6a7316c011e97b306f4743b5498acdeccea54d5d4a0ab44bdebd The package tensor-fi-utils-core was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 3

EUVD
added 2025/12/08 3:36 a.m., 1 view

EUVD-2025-201660

Malicious code in tensor-fi-utils-core npm...

6.6 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/08 3:36 a.m., 4 views

Malicious code in tensor-fi-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097848a520bc6a7316c011e97b306f4743b5498acdeccea54d5d4a0ab44bdebd The package tensor-fi-utils-core was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 3

Snyk
added 2025/12/08 3:36 a.m., 1 view

Malicious Package

Overview tensor-fi-utils-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2

OSV
added 2025/12/01 1:27 p.m., 3 views

MAL-2025-191597 Malicious code in tensor-fi-crypto-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ed8cc30500616c36f3301bfeb5ec377ea53456fdfcbcb8fa1993346cb64958 The package tensor-fi-crypto-utils was found to contain malicious code...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/12/01 1:27 p.m., 3 views

Malicious code in tensor-fi-crypto-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ed8cc30500616c36f3301bfeb5ec377ea53456fdfcbcb8fa1993346cb64958 The package tensor-fi-crypto-utils was found to contain malicious code...

7 AI score
Exploits: 0

Github Security Blog
added 2025/11/21 6:3 p.m., 10 views

MLX has Wild Pointer Dereference in load_gguf()

Summary Segmentation fault in mlx::core::load_gguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...

7.5 CVSS, 7.1 AI score, 0.001 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/11/20 8:59 p.m., 0 views

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability leading to a crash (denial-of-service) and potentially remote code execution (RCE) exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8 CVSS, 6.5 AI score, 0.00191 EPSS
Exploits: 0, References: 5

Github Security Blog
added 2025/11/20 8:59 p.m., 7 views

vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability leading to a crash (denial-of-service) and potentially remote code execution (RCE) exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8 CVSS, 8.3 AI score, 0.00191 EPSS
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2025/11/11 12:9 a.m., 1 view

EUVD-2025-50836

Malicious code in tensor-fi-utils-lib npm...

6.6 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/11/11 12:9 a.m., 4 views

Malicious code in tensor-fi-utils-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5e019daea1bdfd44c0cf583f38cd83ec5b2073b8b494e8ff91905e0b2f2f88e The package tensor-fi-utils-lib was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2025/11/11 12:9 a.m., 1 view

MAL-2025-66551 Malicious code in tensor-fi-utils-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5e019daea1bdfd44c0cf583f38cd83ec5b2073b8b494e8ff91905e0b2f2f88e The package tensor-fi-utils-lib was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0256

Malware in sbrugna...

7.8 CVSS, 7.5 AI score, 0.00011 EPSS
Exploits: 1, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0322

Malware in sbrugna...

5.5 CVSS, 5.3 AI score, 0.00009 EPSS
Exploits: 1, References: 9