686 matches found
EUVD-2026-43311
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...
FTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an FTP server. Listen for a connection Module Options msf use payload/cmd/windows/ftp/x86/vncinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options... msf...
CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...
CVE-2026-54033
LibreChat exposes an SSRF risk in its baseURL handling: prior to version 0.8.4-rc1, an authenticated user could set a custom OpenAI-compatible API endpoint baseURL and have requests constructed without SSRF validation (no private IP check, no scheme restriction, no DNS pinning). This allowed dire...
EUVD-2026-39460
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
CVE-2026-48782 pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
PT-2026-50129
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...
GHSA-38CX-CQ6F-5755 Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
Description Symfony\Component\HttpClient\NoPrivateNetworkHttpClient is documented as a decorator that blocks requests to private networks by default. The list of blocked subnets Symfony\Component\HttpFoundation\IpUtils::PRIVATESUBNETS on 6.4+, a private constant in NoPrivateNetworkHttpClient on 5...
[SECURITY] Fedora 43 Update: vaultwarden-1.36.0-1.fc43
Unofficial Bitwarden compatible server...
[SECURITY] Fedora 44 Update: vaultwarden-1.36.0-1.fc44
Unofficial Bitwarden compatible server...
CVE-2026-5497
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...
EUVD-2026-36217
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...
CVE-2026-5497
CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...
CVE-2026-9540
A flaw was found in vllm-project vllm, specifically within its OpenAI-compatible Serving Path. A remote attacker could exploit this vulnerability by manipulating certain processing, leading to a denial of service DoS. This could make the affected service unavailable to legitimate users. The issue...
GHSA-98F3-HWG4-4RF7 vllm has Improper Resource Shutdown or Release
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
Improper Resource Shutdown or Release
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...
CVE-2026-9540
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...