16 matches found

Cvelist
added 3 days ago | 23 views

CVE-2026-5497 Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the VideoMediaIO.load_base64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

CVSS 7.5 | EPSS 0.00077
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/02 12:0 a.m. | 8 views

PT-2026-45810

Name of the Vulnerable Software and Affected Versions: Dräger Infinity M300 versions prior to VG2.3.2. Description: A network-based denial of service issue exists that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. This...

CVSS 7.1 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/20 5:28 p.m. | 9 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7.3 | EPSS 0.00044
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/20 12:0 a.m. | 1 views

RHEL 9 : skopeo (RHSA-2026:9098)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9098 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

CVSS 10 | AI score 7 | EPSS 0.00044
Exploits: 3 | References: 10
Tenable Nessus
added 2026/04/16 12:0 a.m. | 8 views

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service (CVE-2026-21637); minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996); undici: Undici:...

CVSS 9.8 | AI score 5.9 | EPSS 0.00175
Exploits: 1 | References: 19
Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 9 : skopeo-1.16.1-1.el9 (AXSA:2024-9102:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9102:06 advisory. containers/image: digest type does not guarantee valid type (CVE-2024-3727); golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)...

CVSS 8.3 | AI score 7.7 | EPSS 0.01018
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 4 : kernel-2.6.32-642.11.1.el6 (AXSA:2016-1154:09)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1154:09 advisory. The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operatin...

CVSS 7.8 | AI score 6.8 | EPSS 0.00372
Exploits: 2 | References: 3
Rockylinux
added 2026/01/09 9:6 a.m. | 19 views

mariadb:10.11 security update

An update is available for galera, mariadb, module.mariadb, module.galera. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. MariaDB is a multi-user, multi-threade...

CVSS 7 | AI score 7.5 | EPSS 0.01044
Exploits: 0
Cvelist
added 2025/12/26 11:46 p.m. | 15 views

CVE-2025-68148 FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After

FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in...

CVSS 4.3 | EPSS 0.0002
Exploits: 1 | References: 3
Github Security Blog
added 2025/09/14 6:30 p.m. | 11 views

Hugging Face Transformers library has Regular Expression Denial of Service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

CVSS 5.3 | AI score 6.9 | EPSS 0.00034
Exploits: 1 | References: 6 | Affected Software: 1
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-10296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily...

CVSS 4.9 | AI score 5.5 | EPSS 0.00452
Exploits: 0 | References: 2
Joomla! Vulnerable Extensions List
added 2025/07/23 9:41 p.m. | 10 views

rsfiles!

Extension: RSFiles! Version: Old 1.17.7 / New 1.17.8. Update details: Versions affected 1.16.3 through 1.17.7. Allows unauthenticated remote attackers to deny access to service via search component. Fixed in 1.17.8. Update URL:...

AI score 7.3
Exploits: 0 | Affected Software: 1
CNVD
added 2022/01/27 12:0 a.m. | 27 views

LibreCAD Denial Vulnerability

LibreCAD is an open source CAD (Computer Aided Design) application from the LibreCAD organization. A denial of service vulnerability in LibreCAD version 2.2.0, which originates from a null pointer dereference in the HATCH handling of libdxfrw, can be exploited by an attacker to crash the applicatio...

CVSS 5.5 | AI score 6.3 | EPSS 0.00298
Exploits: 1 | References: 1
CNNVD
added 2021/10/27 12:0 a.m. | 1 views

Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) Security Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) SSL/TLS Denial, which arises from an...

CVSS 5.3 | AI score 5.8 | EPSS 0.01152
Exploits: 0 | References: 6
OSV
added 2017/05/01 1:59 a.m. | 3 views

UBUNTU-CVE-2017-8374

The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file...

CVSS 5.5 | AI score 7 | EPSS 0.00208
Exploits: 1 | References: 3
Cisco
added 2003/04/30 8:0 a.m. | 11 views

Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability

...

AI score 2.3
Exploits: 0 | References: 1