9 matches found
PYSEC-2026-144
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...
CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...
EUVD-2025-26697
Malicious code in bioql PyPI...
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the base64 path after /download/ endpoint. An attacker can access arbitrary files outside the intended document root by providing a crafted base64-encoded path after the download endpoint, bypassing security...
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41035 Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41035 Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
PT-2025-35906
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An authenticated Path Traversal vulnerability exists in the /apprain/common/download/ endpoint. This allows remote users to bypass SecurityManager restrictions and download arbitrary files if they posses...