Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

ATTACKERKB
ATTACKERKBadded 2 days ago5 views

CVE-2026-41523

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.0039EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blogadded 2026/06/16 5:34 p.m.53 views

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

8.1CVSS7.7AI score0.0252EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/06/03 3:49 p.m.14 views

CVE-2026-46249

The CVE-2026-46249 issue affects the Linux kernel octeontx2-af PF driver. During a kexec reboot, the old AF state may persist if the PF driver probes before AF reinitializes, and if the RVUM block revision is not cleared on shutdown, PF can mis-detect AF readiness and access stale hardware, leadi...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/20 7:22 a.m.5 views

CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

8.8CVSS6.6AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 11:52 a.m.9 views

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php...

5CVSS7.2AI score0.01209EPSS
Exploits0References1
CVE
CVEadded 2025/10/29 12:31 p.m.16 views

CVE-2025-11587

CVE-2025-11587 refers to the WordPress plugin “Call Now Button – The #1 Click to Call Button for WordPress.” The advisory states a missing capability check in the activate function across all versions up to 1.5.3, allowing authenticated users with Subscriber-level access or higher to modify data ...

4.3CVSS4.7AI score0.00195EPSS
Exploits0References3
Packet Storm News
Packet Storm Newsadded 2025/06/19 12:0 a.m.6 views

Efficient Blockchain-Based Steganography Via Backcalculating Generative Adversarial Network

Blockchain-based steganography enables data hiding via encoding the covert data into a specific blockchain transaction field. However, previous works focus on the specific field-embedding methods while lacking a consideration on required field-generation embedding. In this paper, we propose a...

6.8AI score
Exploits0
CVE
CVEadded 2023/01/20 12:0 a.m.47 views

CVE-2021-37498

CVE-2021-37498 describes a server-side request forgery (SSRF) in the Reprise License Manager (RLM) web interface (up to version 14.2BL4 and prior). The vulnerability allows remote attackers to trigger outbound requests to intranet servers and perform port scanning via the actserver parameter in t...

6.5CVSS6.5AI score0.00785EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder