CVE-2026-7141

A flaw was found in vllm. A remote attacker can exploit a vulnerability in the hasmambalayers function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The...

GHSA-X368-4G9H-FVV4 vLLM makes Use of Uninitialized Resource

A vulnerability was found in vLLM up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

vLLM makes Use of Uninitialized Resource

A vulnerability was found in vLLM up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

Use of Uninitialized Resource

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Uninitialized Resource via the hasmambalayers function in the KV Block Handler. An attacker can cause unintended behavior by leaking data...

CVE-2026-7141

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7141 vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7141

CVE-2026-7141 affects vllm up to 0.19.0, specifically the KV Block Handler’s has_mamba_layers function in vllm/v1/kv_cache_interface.py. A manipulation can trigger an uninitialized resource, with remote initiation possible. The issue is described as high complexity and difficult exploitability, w...

PT-2026-35459

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has mamba layers of the file vllm/v1/kv cache interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attac...

CVE-2025-2971

A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-2969

A vulnerability was found in ConcreteCMS up to 9.3.9. It has been rated as problematic. This issue affects the function Save of the component Feature Link Block Handler. The manipulation of the argument Title/Body Source/Button Text leads to cross site scripting. The attack may be initiated...

CVE-2025-2968

A vulnerability was found in ConcreteCMS up to 9.3.9. It has been declared as problematic. This vulnerability affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross site scripting. The attack can be initiated remotely. Th...

CVE-2025-2966

A vulnerability was found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this issue is the function Save of the component Content Block Handler. The manipulation of the argument Source leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2025-2965

A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched...

CVE-2025-2964

A vulnerability, which was classified as problematic, was found in ConcreteCMS up to 9.3.9. Affected is the function Save of the component FAQ Block Handler. The manipulation of the argument Navigation/Title Text/Description Source leads to cross site scripting. It is possible to launch the attac...

CVE-2025-2963

A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotel...

ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field

A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-2972

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-2970

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-2969

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-2971

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...