5 matches found
Dash-Uploader 0.7.0a2 Denial of Service
dash-uploader versions 0.1.0 through 0.7.0a2 suffer from multiple denial of service vulnerabilities...
CVE-2025-48956 vLLM API endpoints vulnerable to Denial of Service Attacks
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.10.1.1, a Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion,...
CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54998
CVE-2025-54998 affects OpenBao versions 0.1.0–2.3.1, where an aliasing mismatch between pre-flight and full login user entity attributes allowed bypass of automatic user lockout in Userpass/LDAP auth. The issue is fixed in version 2.3.2. Remediation: upgrade to 2.3.2; as a workaround, apply rate-...
PT-2024-40971 · Unknown · Kvm-Ioctls
Name of the Vulnerable Software and Affected Versions: kvm-ioctls versions 0.1.0 through 0.19.0 Description: An issue in the VmFd::create device function causes undefined behavior due to a violation of Rust's pointer safety rules. The function downcasts a mutable reference to an immutable pointer...