6 matches found
CVE-2026-34756
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...
Astra Linux - vulnerability in python-httplib2
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server that responded with a long series of "\xa0" characters in the "www-authenticate" header could cause a Denial of Service attack, resulting in excessive CPU usage during header parsing ...
CVE-2025-58766
Dyad is a local AI app builder. A critical security vulnerability affecting Dyad v0.19.0 and earlier versions allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
send cross-site scripting vulnerability
send is a pillarjs open source library for streaming files from the file system as HTTP responses. A cross-site scripting vulnerability exists in send versions prior to 0.19.0 that stems from passing untrusted user input to SendStream.redirect to execute untrusted code...
Firecracker Buffer Overflow Vulnerability
Firecracker is a miniature virtual machine for serverless computing. A buffer overflow vulnerability exists in Firecracker versions 0.18.0 and 0.19.0. A remote attacker could exploit this vulnerability to cause a denial of service...