61 matches found
CVE-2026-9692
Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...
EUVD-2026-37926
Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...
PT-2026-50778
Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...
GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...
CVE-2025-60887
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...
CVE-2026-22778
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the...
CVE-2026-22778
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
CVE-2026-22778
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
CVE-2026-22778
Summary of CVE-2026-22778 : A vulnerability in vLLM (0.8.3–0.14.0) lets an attacker send an invalid image to the multimodal endpoint, causing PIL to leak a heap address. This information disclosure can be chained with a heap overflow in the JPEG2000 decoder used by OpenCV/FFmpeg to achieve remote...
CVE-2026-22778 vLLM leaks a heap address when PIL throws an error
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
CVE-2026-22778 vLLM leaks a heap address when PIL throws an error
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
PT-2026-5710
Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.3 through 0.14.0 Description vLLM is an inference and serving engine for large language models LLMs. A chain of issues allows for remote code execution RCE when a video model is enabled. First, sending an invalid image to the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000217)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000217 advisory. A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description block...
EUVD-2019-7495
Malware in sbrugna...
EUVD-2021-23636
Malware in sbrugna...
EUVD-2019-13098
Malware in sbrugna...
welpwn
Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...
CVE-2021-37060
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage...
Linux Distros Unpatched Vulnerability : CVE-2019-3459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. CVE-2019-3459 Note that Nessus relies on the...
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...