Lucene search

8 matches found

CVE
added yesterday, 9 views

CVE-2026-9675

The CVE-2026-9675 issue affects the undici WebSocket client (new WebSocket(...)) where per-frame maxPayloadSize is enforced but the cumulative size of fragmented, uncompressed messages is not. An attacker-controlled WebSocket endpoint can stream many small fragments that pass per-frame validation ...

CVSS 7.5, AI score 5.3
Exploits 0, References 2
OSV
added 2026/04/06 4:16 p.m., 5 views

PYSEC-2026-144

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...

CVSS 6.5, AI score 5.9, EPSS 0.00277
Exploits 0, References 1
NVD
added 2026/04/06 4:16 p.m., 3 views

CVE-2026-34755

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...

CVSS 6.5, EPSS 0.00277
Exploits 0, References 1
Positive Technologies
added 2026/04/03 12:0 a.m., 5 views

PT-2026-30276

Summary: The VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes code path at line 47-48, ...

CVSS 6.5, AI score 6, EPSS 0.00277
Exploits 0, References 6
Positive Technologies
added 2026/03/06 12:0 a.m., 1 views

PT-2026-23655

Name of the Vulnerable Software and Affected Versions: PJSIP versions prior to 2.17. Description: PJSIP is a multimedia communication library written in C. A stack buffer overflow exists in the Opus codec parser when processing RTP payloads containing more frames than the allocated buffer can handle...

CVSS 8.7, AI score 6.1, EPSS 0.00314
Exploits 0, References 9
OSV
added 2025/02/28 3:32 p.m., 4 views

OESA-2025-1184 etcd security update

Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large...

CVSS 7.5, AI score 6.8, EPSS 0.91969
Exploits 1, References 5
Amazon
added 2024/05/28 12:0 a.m., 3 views

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5, AI score 6.7, EPSS 0.91969
Exploits 1
BDU FSTEC
added 2024/01/18 12:0 a.m., 3 views

The vulnerability of software for downloading pyload files is related to improper restrictions on the number of displayed layers or frames in the user interface. This allows a perpetrator to carry out a clickjacking attack.

The vulnerability of the software for downloading pyload files is related to improper restrictions on the number of layers or frames that can be displayed in the user interface. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...

CVSS 3.1, AI score 5.5, EPSS 0.00456
Exploits 0, References 3, Affected Software 2