Lucene search

8 matches found

Positive Technologies
added 2025/12/26 12:0 a.m., 5 views

PT-2025-53604

Name of the Vulnerable Software and Affected Versions: LMDeploy versions prior to 0.11.1. Description: LMDeploy is a toolkit used for compressing, deploying, and serving LLMs. A flaw exists where the torch.load function is called without the weights_only=True parameter when loading model checkpoint...

CVSS 8.8, AI score 7.4, EPSS 0.00487
Exploits 0, References 9

CVE
added 2025/12/19 4:37 p.m., 14 views

CVE-2025-66580

CVE-2025-66580 affects the Dive open-source MCP Host Desktop Application. Versions prior to 0.11.1 contain a critical Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram rendering component that allows execution of arbitrary JavaScript via the javascript: URI. An attacker could...

CVSS 9.6, AI score 5.7, EPSS 0.00478
Exploits 1, References 1, Affected Software 1

CNNVD
added 2025/12/19 12:0 a.m., 4 views

Dive Security Vulnerability

Dive is an open-source MCP Host desktop application from OpenAgentPlatform. A security vulnerability exists in Dive versions prior to 0.11.1. It stems from the Mermaid chart rendering component, which allows arbitrary JavaScript to be executed, potentially leading to remote code execution...

CVSS 9.6, AI score 7.7, EPSS 0.00478
Exploits 1, References 2

NVD
added 2025/12/01 11:15 p.m., 7 views

CVE-2025-66448

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with...

CVSS 8.8, EPSS 0.00598
Exploits 0, References 3

CNNVD
added 2025/12/01 12:0 a.m., 6 views

vLLM Code Injection Vulnerability

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. A code injection vulnerability exists in vLLM versions prior to 0.11.1 that stems from the presence of a remote code execution vector in the NemotronNanoVLConfig configuration class, which could...

CVSS 8.8, AI score 6.5, EPSS 0.00598
Exploits 0, References 3

Cvelist
added 2025/11/21 1:22 a.m., 12 views

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether...

CVSS 8.3, EPSS 0.00331
Exploits 0, References 4

CNNVD
added 2025/11/21 12:0 a.m., 4 views

vLLM Buffer Error Vulnerability

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. A buffer error vulnerability exists in vLLM versions from 0.10.2 to before 0.11.1. It stems from memory corruption in the Completions API endpoint that could lead to a cras...

CVSS 8.8, AI score 7.9, EPSS 0.00831
Exploits 0, References 3

UbuntuCve
added 2010/02/12 7:30 p.m., 20 views

CVE-2010-0297

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet...

CVSS 7.2, AI score 6.2, EPSS 0.00515
Exploits 0, References 1