Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 8:3 a.m.9 views

CVE-2026-41523

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the...

7.5CVSS6.4AI score0.00484EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/22 10:18 p.m.6 views

CVE-2026-41523

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/16 5:34 p.m.5 views

GHSA-Q8GQ-377P-JQ3R vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

7.5CVSS6.2AI score0.00484EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/16 5:34 p.m.62 views

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

8.1CVSS7.7AI score0.0252EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/06/03 3:49 p.m.25 views

CVE-2026-46249

The CVE-2026-46249 issue affects the Linux kernel octeontx2-af PF driver. During a kexec reboot, the old AF state may persist if the PF driver probes before AF reinitializes, and if the RVUM block revision is not cleared on shutdown, PF can mis-detect AF readiness and access stale hardware, leadi...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.7 views

CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

8.8CVSS6.6AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:52 a.m.10 views

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php...

5CVSS7.2AI score0.01209EPSS
Exploits0References1
CVE
CVE
added 2025/10/29 12:31 p.m.20 views

CVE-2025-11587

CVE-2025-11587 refers to the WordPress plugin “Call Now Button – The #1 Click to Call Button for WordPress.” The advisory states a missing capability check in the activate function across all versions up to 1.5.3, allowing authenticated users with Subscriber-level access or higher to modify data ...

4.3CVSS4.7AI score0.00214EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/06/19 12:0 a.m.9 views

Efficient Blockchain-Based Steganography Via Backcalculating Generative Adversarial Network

Blockchain-based steganography enables data hiding via encoding the covert data into a specific blockchain transaction field. However, previous works focus on the specific field-embedding methods while lacking a consideration on required field-generation embedding. In this paper, we propose a...

6.8AI score
Exploits0
CVE
CVE
added 2023/01/20 12:0 a.m.53 views

CVE-2021-37498

CVE-2021-37498 describes a server-side request forgery (SSRF) in the Reprise License Manager (RLM) web interface (up to version 14.2BL4 and prior). The vulnerability allows remote attackers to trigger outbound requests to intranet servers and perform port scanning via the actserver parameter in t...

6.5CVSS6.5AI score0.00594EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder