CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/02 10:36 a.m.•9 views

CVE-2026-0599

CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...

7.5CVSS5.5AI score0.00273EPSS

Cvelist•added 2026/02/02 10:36 a.m.•27 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

7.5CVSS0.00273EPSS

EUVD•added 2026/02/02 10:36 a.m.•4 views

EUVD-2026-5137

7.5CVSS5.5AI score0.00273EPSS

Tenable Nessus•added 2026/02/02 12:0 a.m.•2 views

Fedora 42 : chromium (2026-64e9a195d3)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-64e9a195d3 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...

6.5CVSS5.5AI score0.00059EPSS

OPENSUSE Linux•added 2026/02/02 12:0 a.m.•3 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0034-1 Rating: important References: 1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Chromium was...

6.5CVSS7.1AI score0.00059EPSS

Exploits1References1

CNNVD•added 2026/02/02 12:0 a.m.•3 views

Text Generation Inference 资源管理错误漏洞

Text Generation Inference is a Rust, Python, and gRPC server developed by Hugging Face for text generation inference. Version 3.3.6 of Text Generation Inference contains a resource management vulnerability. This vulnerability stems from the unlimited acquisition of external images during input...

7.5CVSS7.1AI score0.00273EPSS

Exploits0References3

OPENSUSE Linux•added 2026/02/02 12:0 a.m.•2 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0035-1 Rating: important References: 1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: Chromium was...

6.5CVSS7.1AI score0.00059EPSS

Exploits1References1

Tenable Nessus•added 2026/02/01 12:0 a.m.•2 views

Fedora 43 : chromium (2026-ffccca9880)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ffccca9880 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...

6.5CVSS5.5AI score0.00059EPSS

vulnersOsv•added 2026/01/30 9:17 p.m.•3 views

@orval/angular (>=8.0.0 <=8.1.0), @orval/axios (>=8.0.0 <=8.1.0) +9 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)

@orval/core NPM version =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.1.0 Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...

9.8CVSS5.8AI score0.00034EPSS

Exploits1

Microsoft CVE•added 2026/01/30 11:20 a.m.•9 views

Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

SUSE CVE•added 2026/01/30 12:26 a.m.•2 views

Exploits1

SUSE CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

GoogleProjectZero•added 2026/01/30 12:0 a.m.•15 views

Exploits1References3

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

Posted by Dillon Franke, Google Information Security Engineering, 20% time on Project Zero In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability CVE-2024-54529 and a double-free vulnerability CVE-2025-312...

7.8CVSS6.2AI score0.00237EPSS

Exploits2

Tenable Nessus•added 2026/01/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-1504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted...

Positive Technologies•added 2026/01/28 12:0 a.m.•2 views

PT-2026-5058

Name of the Vulnerable Software and Affected Versions TableMaster for Elementor versions up to and including 1.3.6 Description The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be...

7.2CVSS5.5AI score0.00015EPSS

Exploits0References9

OSV•added 2026/01/27 9:16 p.m.•0 views

CVE-2026-1504

6.5CVSS5.8AI score

NVD•added 2026/01/27 9:16 p.m.•3 views

CVE-2026-1504

6.5CVSS0.00059EPSS

OSV•added 2026/01/27 9:16 p.m.•3 views

DEBIAN-CVE-2026-1504

6.5CVSS8.7AI score0.00059EPSS

Exploits1References1

CVE•added 2026/01/27 8:46 p.m.•42 views

CVE-2026-1504

CVE-2026-1504 concerns the Background Fetch API in Chromium/Google Chrome, where an inappropriate implementation allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Chromium/Chrome prior to 144.0.7559.110 (per the initial description). The root cause ...