Lucene search
+L

239 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 5:30 a.m.7 views

CVE-2026-55574

A flaw was found in vLLM, a high-throughput and memory-efficient inference and serving engine for large language models LLMs. A remote attacker could exploit this vulnerability by providing a specially crafted regular expression to the structuredoutputs.regex API parameter. This adversarial regex...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:5 p.m.6 views

CVE-2026-55574

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/07/04 3:12 a.m.8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the lib2to3.pgen2.grammar.Grammar.loads function. An attacker can execute arbitrary code by providing a...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.14 views

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS0.00427EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.16 views

CVE-2025-71359

The CVE concerns the Python package picklescan prior to version 0.0.29, where the vulnerability lies in deserializing pickle payloads that leverage lib2to3.pgen2.grammar.Grammar.loads within the reduce method. This can enable remote code execution during pickle.load() , by crafting pickle files t...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.45 views

CVE-2025-71359 picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS0.00427EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.16 views

EUVD-2025-210416

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.4 views

CVE-2025-71359 picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

7.6CVSS6.3AI score0.00427EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/01 7:43 p.m.7 views

CVE-2026-13500

A flaw was found in ANTLR4. A remote attacker could exploit a weakness within the Grammar Action Block Handler component by executing a manipulation. This vulnerability allows for code injection, which can lead to the execution of arbitrary code on the affected system. Mitigation Mitigation for...

7.5CVSS7.4AI score0.00311EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 3:16 p.m.13 views

CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS0.00311EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/28 2:45 p.m.12 views

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS5.2AI score0.00091EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 2:45 p.m.40 views

CVE-2026-13502 antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS0.00091EPSS
Exploits0References5
CVE
CVE
added 2026/06/28 2:45 p.m.34 views

CVE-2026-13502

The CVE-2026-13502 entry concerns antlr ANTLR4 up to 4.13.2. It affects the function ObjectInputStream.readObject in the antlr4-maven-plugin’s GrammarDependencies.java, indicating a time-of-check time-of-use issue. The attack is restricted to local execution and requires a high degree of complexi...

4.5CVSS5.2AI score0.00091EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 2:15 p.m.37 views

CVE-2026-13500 antlr ANTLR4 Grammar Action Block OutputFile.java code injection

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS0.00311EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/28 2:15 p.m.9 views

EUVD-2026-39998

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS5.6AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/28 2:15 p.m.10 views

CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/28 2:15 p.m.47 views

CVE-2026-13500

The CVE-2026-13500 issue affects antlr ANTLR4 up to 4.13.2, specifically the Grammar Action Block Handler’s OutputFile.java in the tool. The underlying problem is a manipulation of OutputFile.java that can cause code injection. The vulnerability is described as exploitable remotely, with a public...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53111

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...

7.5CVSS7.5AI score0.00311EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-13502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file...

4.5CVSS5.1AI score0.00091EPSS
Exploits0References3
Rows per page
Query Builder