Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

vLLM 资源管理错误漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Version vLLM 0.8.0 and later contain a resource management vulnerability. This vulnerability stems from the unlimited frame counting in the VideoMediaIO.loadbase64...

PT-2026-30276

Summary The VideoMediaIO.load base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num frames parameter default: 32, which is enforced by the load bytes code path at line 47-48, ...