1946 matches found
CVE-2026-7161
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
Astra Linux – Vulnerability in WebKit2GTK
This issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. A maliciously crafted webpage may be able to obtain user fingerprints...
Astra Linux – Vulnerability in OpenCV
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in the modules/objdetect/src/hog.cpp module...
Astra Linux – Vulnerability in Wireshark
In Wireshark versions 3.2.0 to 3.2.4, the GVCP dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-gvcp.c file by ensuring that the offset increased in all situations...
STARE: Step-Wise Temporal Alignment and Red-Teaming Engine for Multi-Modal Toxicity Attack
Red-teaming Vision-Language Models is essential for identifying vulnerabilities where adversarial image-text inputs trigger toxic outputs. Existing approaches treat image generation as a black box, returning only terminal toxicity scores and leaving open the question of when and how toxic semanti...
K000161051: WebKitGTK vulnerability CVE-2026-20652
Security Advisory Description The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. CVE-2026-20652 Impact There...
Hanwha Vision QND-8080R Operating System Command Injection Vulnerability
Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a vulnerability related to operating system command injection. This vulnerability arises from insufficient input validation, which may allow specially...
Hanwha Vision QND-8080R Access Control Error Vulnerability
Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has an access control vulnerability, which stems from issues with request processing. This vulnerability may lead to accidental access to protected functio...
Hanwha Vision QND-8080R Input Validation Error Vulnerability
Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a vulnerability related to input validation errors. This vulnerability arises from improper handling of data in specific requests, which may lead to...
PT-2026-35277
Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relate...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
VulnCheck KEV: CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
EUVD-2026-23970
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...
GHSA-6W67-HWM5-92MQ LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
CVE-2026-33626 LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...