Lucene search
+L

42 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-18522

vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models...

7.1CVSS5.2AI score0.00267EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 5:45 a.m.36 views

CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in python-httplib2

In httplib2 before version 0.18.0, an attacker who controlled unescaped parts of the URI for httplib2.Http.request could alter request headers and the request body, and send additional hidden requests to the same server. This vulnerability affects software that uses httplib2 with URIs constructed...

6.8CVSS6.4AI score0.02593EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 8:13 p.m.2 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks Host and Origin header validation on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a...

7.6CVSS5.8AI score0.00136EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 6:59 p.m.22 views

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.8 views

PT-2026-29877

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.17.999 Description vLLM, an inference and serving engine for large language models LLMs, exhibits an inconsistency in audio processing. Versions 0.5.5 through 0.17.999 utilize numpy.mean for mono downmixing via...

7.1CVSS5.2AI score0.00267EPSS
Exploits0References13
OSV
OSV
added 2026/04/01 9:42 a.m.5 views

CLEANSTART-2026-CK42797 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27142, ghsa-37cx-329c-33x3 applied in versions: 0.18.0-r1, 1.16.0-r0

Multiple security vulnerabilities affect the pulumi-kubernetes-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.00765EPSS
Exploits1References16
OSV
OSV
added 2026/04/01 9:38 a.m.3 views

CLEANSTART-2026-DI15427 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-26958, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.19.0-r0

Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.00765EPSS
Exploits1References9
OSV
OSV
added 2026/04/01 9:19 a.m.13 views

CLEANSTART-2026-HA09227 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.18.0-r1

Multiple security vulnerabilities affect the external-dns package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.01945EPSS
Exploits7References41
EUVD
EUVD
added 2026/03/27 3:27 p.m.4 views

EUVD-2026-16478

vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out...

8.8CVSS5.9AI score0.01364EPSS
Exploits0References4
OSV
OSV
added 2026/02/10 12:39 a.m.5 views

CLEANSTART-2026-GP14462 Security fixes for GHSA-VVGC-356P-C3XW applied in versions: 0.18.0-r0

Security vulnerability affects the restic-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.9AI score
Exploits0References2
CVE
CVE
added 2025/12/08 12:0 a.m.22 views

CVE-2025-65548

CVE-2025-65548 affects Nutshell (cashubtc/nuts) prior to 0.18.0. The issue is that when spending a token, the preimage size is not validated, and the preimage is stored by the mint, enabling an attacker to fill the mint’s database and disk with arbitrary data. Public sources consistently describe...

9.1CVSS6.5AI score0.00364EPSS
Exploits1References6Affected Software1
SUSE CVE
SUSE CVE
added 2025/11/22 12:24 a.m.4 views

SUSE CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7CVSS6.8AI score0.00274EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 5:15 p.m.4 views

UBUNTU-CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7CVSS5.9AI score0.00274EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/11/21 5:5 p.m.3 views

CVE-2025-13470 RNP 0.18.0 Vulnerable PKESK session keys

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7CVSS6.7AI score0.00274EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.8 views

RNP 安全漏洞

RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...

8.7CVSS6.3AI score0.00274EPSS
Exploits0References9
Fedora
Fedora
added 2025/11/05 2:13 a.m.11 views

[SECURITY] Fedora 43 Update: rust-reqsign-0.18.0-1.fc43

Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...

8.1CVSS7AI score0.00677EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-8627

Malware in sbrugna...

9.8CVSS9AI score0.03252EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 8:35 a.m.10 views

CVE-2019-18960

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes...

9.8CVSS7.4AI score0.03252EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.7 views

openSUSE 15 Security Update : restic (openSUSE-SU-2025:0110-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:0110-1 advisory. Update to 0.18.0 - Sec 5291: Mitigate attack on content-defined chunking algorithm - Fix 1843: Correctly restore long filepaths' timestamp on old Windows...

5.6AI score
Exploits0References1
Rows per page
Query Builder