Lucene search
+L

12 matches found

OSV
OSV
added 2026/07/06 7:49 p.m.5 views

CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References5
NVD
NVD
added 2026/03/17 8:16 p.m.12 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 7:14 p.m.2 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

5.8AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 7:14 p.m.20 views

CVE-2026-4064

CVE-2026-4064 affects PowerShell Universal prior to version 2026.1.4. The issue is missing authorization checks on multiple gRPC service endpoints, enabling an authenticated user with any valid token to bypass role-based access controls and perform privileged operations. Potential impact includes...

8.3CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-14038

EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been...

7CVSS7.2AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 6:2 p.m.26 views

CVE-2025-14038

EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been...

7CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2884

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2024/09/19 4:15 p.m.35 views

CVE-2024-8375

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

7.8CVSS0.00123EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/19 3:50 p.m.18 views

CVE-2024-8375 Object deserialization in Reverb leading to RCE

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

5.7CVSS7.3AI score0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/19 3:50 p.m.44 views

CVE-2024-8375 Object deserialization in Reverb leading to RCE

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

5.7CVSS0.00123EPSS
Exploits0References2
CVE
CVE
added 2024/09/19 3:50 p.m.84 views

CVE-2024-8375

CVE-2024-8375 affects Google DeepMind Reverb. A use-after-free vulnerability arises when unpacking a tensor proto of type VARIANT: memory is allocated for the tensor, objects are constructed, then tensor_content is copied into pre-allocated memory, overwriting vtable pointers. This enables an att...

7.8CVSS7.3AI score0.00123EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.9 views

PT-2024-38980

Name of the Vulnerable Software and Affected Versions: Reverb versions prior to the version including git commit 6a0dcf4c9e842b7f999912f792aaa6f6bd261a25 Description: There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an...

7.8CVSS6.1AI score0.00123EPSS
Exploits0References16
Rows per page
Query Builder