3218 matches found
CVE-2026-47471
NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service...
CVE-2026-47471
NVIDIA TensorRT-LLM (any platform) is reported vulnerable to a heap-based buffer overflow in tensor deserialization (CVE-2026-47471). Affected component: TensorRT-LLM’s tensor deserialization pathway. Consequences described: information disclosure, data tampering, and denial of service. Exploitat...
CVE-2026-47472
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service...
CVE-2026-47472
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer (CVE-2026-47472). A local, same-user attacker could trigger deserialization, with potential impacts including code execution, information disclosure, data tampering, and denial of service. The NVIDIA security up...
CVE-2026-47481
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
CVE-2026-47481
CVE-2026-47481 affects NVIDIA Triton Inference Server for Linux. The vulnerability enables authentication bypass via an alternative path or channel, with potential for code execution, privilege escalation, information disclosure, and data tampering. NVIDIA’s security bulletin indicates remediatio...
CVE-2026-4017
Buffer Overflow in the entry handler of the TraceEvent system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...
CVE-2026-4018
TOCTOU Race Condition in specific trace commands of the TraceEvent system call could allow an attacker with local access and with the PROCMGRAIDTRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...
CVE-2026-4018
CVE-2026-4018 describes a TOCTOU race condition in specific trace commands of the TraceEvent() system call in the QNX Neutrino kernel, affecting versions of the QNX Software Development Platform and QNX OS for Safety. The vulnerability could allow a local attacker with PROCMGR_AID_TRACE privilege...
CVE-2026-4018 TOCTOU race condition in the QNX Neutrino kernel impacts versions of the QNX Software Development Platform and QNX OS for Safety
TOCTOU Race Condition in specific trace commands of the TraceEvent system call could allow an attacker with local access and with the PROCMGRAIDTRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...
PT-2026-58746
Name of the Vulnerable Software and Affected Versions NVIDIA TensorRT-LLM for Linux affected versions not specified Description A flaw exists in the restricted unpickler used for model weight deserialization. This allows a local, unauthenticated attacker to trigger the deserialization of untruste...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...
EUVD-2026-41544
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...
CVE-2026-41123
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged...
CVE-2026-41123
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged...
axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could le...
Deserialization of Untrusted Data
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data...
Deserialization of Untrusted Data
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...
CVE-2026-24270
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering...
CVE-2026-24246
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...