42 matches found
EUVD-2026-18522
vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models...
CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
Astra Linux – Vulnerability in python-httplib2
In httplib2 before version 0.18.0, an attacker who controlled unescaped parts of the URI for httplib2.Http.request could alter request headers and the request body, and send additional hidden requests to the same server. This vulnerability affects software that uses httplib2 with URIs constructed...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks Host and Origin header validation on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a...
CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...
PT-2026-29877
Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.17.999 Description vLLM, an inference and serving engine for large language models LLMs, exhibits an inconsistency in audio processing. Versions 0.5.5 through 0.17.999 utilize numpy.mean for mono downmixing via...
CLEANSTART-2026-CK42797 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27142, ghsa-37cx-329c-33x3 applied in versions: 0.18.0-r1, 1.16.0-r0
Multiple security vulnerabilities affect the pulumi-kubernetes-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DI15427 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-26958, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.19.0-r0
Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-HA09227 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.18.0-r1
Multiple security vulnerabilities affect the external-dns package. These issues are resolved in later releases. See references for individual vulnerability details...
EUVD-2026-16478
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out...
CLEANSTART-2026-GP14462 Security fixes for GHSA-VVGC-356P-C3XW applied in versions: 0.18.0-r0
Security vulnerability affects the restic-fips package. This issue is resolved in later releases. See references for vulnerability details...
CVE-2025-65548
CVE-2025-65548 affects Nutshell (cashubtc/nuts) prior to 0.18.0. The issue is that when spending a token, the preimage size is not validated, and the preimage is stored by the mint, enabling an attacker to fill the mint’s database and disk with arbitrary data. Public sources consistently describe...
SUSE CVE-2025-13470
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
UBUNTU-CVE-2025-13470
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
CVE-2025-13470 RNP 0.18.0 Vulnerable PKESK session keys
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
RNP 安全漏洞
RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...
[SECURITY] Fedora 43 Update: rust-reqsign-0.18.0-1.fc43
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
EUVD-2019-8627
Malware in sbrugna...
CVE-2019-18960
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes...
openSUSE 15 Security Update : restic (openSUSE-SU-2025:0110-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:0110-1 advisory. Update to 0.18.0 - Sec 5291: Mitigate attack on content-defined chunking algorithm - Fix 1843: Correctly restore long filepaths' timestamp on old Windows...