
3883 matches found

Vulnrichment
added 2026/04/06 3:38 p.m. | 1 view

CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...

CVSS 6.5 | AI score 6 | EPSS 0.00277
Exploits 0 | References 1

CVE
added 2026/04/06 3:38 p.m. | 13 views

CVE-2026-34755

vLLM's VideoMediaIO.load_base64("video/jpeg") path has an unbounded frame-splitting bug: data.split(",") bypasses the intended frame-count limit (default 32) used by the binary path, allowing a single request with thousands of comma-separated base64 JPEG frames. This can cause the server to decod...

CVSS 6.5 | AI score 6 | EPSS 0.00277
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/04/06 3:33 p.m. | 1 view

CVE-2026-21381 Buffer Over-read in WLAN Firmware

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection...

CVSS 7.6 | AI score 5.9 | EPSS 0.00149
Exploits 0 | References 1

Cvelist
added 2026/04/06 3:33 p.m. | 26 views

CVE-2026-21367 Buffer Over-read in WLAN Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans...

CVSS 7.6 | EPSS 0.00203
Exploits 0 | References 1

Vulnrichment
added 2026/04/06 3:33 p.m. | 2 views

CVE-2026-21367 Buffer Over-read in WLAN Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans...

CVSS 7.6 | AI score 5.9 | EPSS 0.00203
Exploits 0 | References 1

CVE
added 2026/04/06 3:33 p.m. | 14 views

CVE-2026-21367

Technical details such as affected vendors, products, versions, and root cause are not publicly provided in the connected documents. Monitor for updates from Red Hat, ENISA, CVE references, and vendor advisories for concrete remediation information.

CVSS 7.6 | AI score 5.9 | EPSS 0.00203
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 4 views

PT-2026-30640

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans...

CVSS 7.6 | AI score 5.9 | EPSS 0.00203
Exploits 0 | References 2

CNNVD
added 2026/04/06 12:0 a.m. | 3 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from the reception of service data frames with excessively long lengths during device matching via Neighbor Discovery protocol...

CVSS 7.6 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 1

CNNVD
added 2026/04/06 12:0 a.m. | 7 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from handling non-standard FILS discovery frames with oversized operations during initial scanning, potentially leading to sudden...

CVSS 7.6 | AI score 5.8 | EPSS 0.00203
Exploits 0 | References 1

ATTACKERKB
added 2026/04/03 11:55 p.m. | 1 view

CVE-2026-34775

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

CVSS 6.8 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 2 | Affected Software 1

SUSE CVE
added 2026/04/03 11:25 p.m. | 3 views

SUSE CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

CVSS 7.5 | AI score 5.7 | EPSS 0.00272
Exploits 0 | References 3

Snyk
added 2026/04/03 9:51 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of a frame count limit in the load_base64 function when processing video/jpeg...

CVSS 7.1 | AI score 5.9 | EPSS 0.00277
Exploits 0 | References 2

GitHub Security Blog
added 2026/04/03 3:13 a.m. | 5 views

OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)

Summary: Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation. Current Maintainer Triage: Normalized severity: medium. Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...

CVSS 8.7 | AI score 5.8 | EPSS 0.00532
Exploits 0 | References 6 | Affected Software 1

Snyk
added 2026/04/03 3:13 a.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before...

CVSS 7.5 | AI score 5.8 | EPSS 0.00532
Exploits 0 | References 2

Snyk
added 2026/04/03 3:13 a.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before validati...

CVSS 7.5 | AI score 5.9 | EPSS 0.00532
Exploits 0 | References 2

OSV
added 2026/04/03 3:13 a.m. | 4 views

GHSA-2W79-R9G8-WMCR OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)

Summary: Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation. Current Maintainer Triage: Normalized severity: medium. Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...

CVSS 6.9 | AI score 5.9 | EPSS 0.00532
Exploits 0 | References 6

OSV
added 2026/04/03 2:43 a.m. | 2 views

GHSA-XWR5-M59H-VWQR Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact: The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

CVSS 6.8 | AI score 5.9 | EPSS 0.00289
Exploits 0 | References 3

RedhatCVE
added 2026/04/02 4:43 p.m. | 1 view

CVE-2026-31935

A flaw was found in Suricata. A remote attacker can exploit this vulnerability by sending a flood of crafted HTTP2 continuation frames. This can lead to memory exhaustion, causing the Suricata process to shut down, resulting in a Denial of Service (DoS). Mitigation: To mitigate this issue, consider...

CVSS 7.5 | AI score 6 | EPSS 0.00272
Exploits 0 | References 5

NVD
added 2026/04/02 3:16 p.m. | 8 views

CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

CVSS 7.5 | EPSS 0.00272
Exploits 0 | References 2

OSV
added 2026/04/02 3:16 p.m. | 1 view

DEBIAN-CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

CVSS 7.5 | AI score 5.2 | EPSS 0.00272
Exploits 0 | References 1