Lucene search
K

61 matches found

NVD
NVD
added 2026/06/18 7:16 p.m.11 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS0.00274EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 5:53 p.m.9 views

EUVD-2026-37926

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

7.3CVSS5.2AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50778

Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References6
OSV
OSV
added 2026/06/17 2:4 p.m.4 views

GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

5.3CVSS5.7AI score0.00796EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.4 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 8:52 a.m.2 views

CVE-2026-22778

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the...

9.8CVSS5.4AI score0.03816EPSS
Exploits0References7
NVD
NVD
added 2026/02/02 11:16 p.m.10 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.03816EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/02/02 9:9 p.m.6 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6AI score0.03816EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/02 9:9 p.m.49 views

CVE-2026-22778

Summary of CVE-2026-22778 : A vulnerability in vLLM (0.8.3–0.14.0) lets an attacker send an invalid image to the multimodal endpoint, causing PIL to leak a heap address. This information disclosure can be chained with a heap overflow in the JPEG2000 decoder used by OpenCV/FFmpeg to achieve remote...

9.8CVSS6AI score0.03816EPSS
Exploits0References15Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/02 9:9 p.m.4 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6AI score0.03816EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 9:9 p.m.5 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6.1AI score0.03816EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5710

Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.3 through 0.14.0 Description vLLM is an inference and serving engine for large language models LLMs. A chain of issues allows for remote code execution RCE when a video model is enabled. First, sending an invalid image to the...

9.8CVSS7.6AI score0.03816EPSS
Exploits0References42
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000217 advisory. A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description block...

6.5CVSS6.4AI score0.01827EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7495

Malware in sbrugna...

5.3CVSS7.3AI score0.01867EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-23636

Malware in sbrugna...

7.5CVSS7.5AI score0.00672EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-13098

Malware in sbrugna...

6.5CVSS6.7AI score0.01827EPSS
Exploits1References25
Gitee
Gitee
added 2025/07/06 2:28 a.m.104 views

welpwn

Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 p.m.6 views

CVE-2021-37060

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage...

7.5CVSS6.9AI score0.00672EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2019-3459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. CVE-2019-3459 Note that Nessus relies on the...

6.5CVSS6.3AI score0.01827EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.217 views

Nuuo Central Management Server User Session Token Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...

9.8CVSS7AI score0.29639EPSS
Exploits2
Rows per page
Query Builder