93 matches found
EUVD-2026-40820
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14133
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14133
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14133
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14133
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-14133
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
PT-2026-54408
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A race condition in History Embeddings allows a remote attacker to perform UI spoofing by using a crafted HTML page. Recommendations Update Google Chrome to version 150.0.7871.47 or lat...
CVE-2026-56340
vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...
CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings
vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...
CVE-2026-56340
vLLM versions >= 0.10.2 and
CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings
vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...
PT-2026-51172
Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...
Semantic Multi-Agent Intrusion Detection for IoT:Zero-Day and Adversarial Threats with Risk-Aware Reasoning
The rapid proliferation of Internet of Things IoT devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion...
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals
Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...
CVE-2026-45667 Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...
CVE-2026-44563
Open WebUI/Open WebUI’s Ollama integration vulnerability (CVE-2026-44563) affects the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints. These endpoints forward a user-supplied model name to the Ollama backend without enforcing AccessGrants.has_access(), effectively bypassing mo...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints, which accepted...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/memories/ef endpoint. An attacker can trigger embedding generation and consume computational resources or incur costs by making unauthenticated requests to this endpoint...
PT-2026-41200
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The endpoint "/api/v1/memories/ef" is accessible without authentication and executes the function request.app.state.EMBEDDING FUNCTION. This allows unauthenticated users to trigger embedding...
Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem
The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...