Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/22 10:18 p.m.6 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:42 p.m.2 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

7.1CVSS5.9AI score0.00341EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:43 p.m.6 views

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

6.2CVSS5.9AI score0.00156EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/08/12 5:15 p.m.4 views

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS0.00454EPSS
Exploits0References2
Rows per page
Query Builder