Lucene search
K

42 matches found

Nuclei
Nuclei
added 15 hours ago10 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.8AI score0.03816EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/17 2:4 p.m.20 views

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

9.8CVSS6.8AI score0.03816EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/28 12:0 a.m.5 views

EUVD-2025-209582

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

vLLM 日志信息泄露漏洞

vLLM is an open-source solution designed for LLM-based systems, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM from 0.8.3 to 0.14.1 contained a vulnerability related to log information leakage. This vulnerability occurred due to the exposure of heap...

9.8CVSS7.1AI score0.03816EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)

DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...

5.3CVSS6.4AI score0.02286EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-26887

Malicious code in bioql PyPI...

8.4CVSS6.4AI score0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/07 8:30 a.m.7 views

CVE-2025-58280

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS6.9AI score0.00099EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 8:15 a.m.4 views

CVE-2025-58280

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 8:15 a.m.4 views

CVE-2025-58280

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS0.00099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/05 7:55 a.m.3 views

CVE-2025-58280

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS6.5AI score0.00099EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 7:55 a.m.19 views

CVE-2025-58280

CVE-2025-58280 concerns the Huawei HarmonyOS Ark eTS module, where a flaw exposes object heap addresses. The available sources describe an availability impact if exploited. The PT-2025-36117 entry explicitly notes that affected versions are not specified and provides no information about a newer ...

8.4CVSS6.4AI score0.00099EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/05 7:55 a.m.7 views

CVE-2025-58280

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.5 views

PT-2025-36117

Name of the Vulnerable Software and Affected Versions: Ark eTS module affected versions not specified Description: The Ark eTS module has a flaw that exposes object heap addresses. Successful exploitation of this issue may affect availability. Recommendations: At the moment, there is no informati...

8.4CVSS6.2AI score0.00099EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.24 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...

8.3AI score0.01944EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2023/02/28 8:24 a.m.9 views

kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...

7.8CVSS7.1AI score0.01944EPSS
Exploits5References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT...

4.3CVSS8.7AI score0.02416EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.4 views

SUSE CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...

5.3CVSS8.1AI score0.01867EPSS
Exploits1References9
NVD
NVD
added 2020/01/08 10:15 p.m.24 views

CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...

5.3CVSS6AI score0.01867EPSS
Exploits1References7
OSV
OSV
added 2020/01/08 10:15 p.m.4 views

CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...

5.3CVSS6.7AI score0.01867EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2020/01/08 10:15 p.m.25 views

CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...

5.3CVSS6.8AI score0.01867EPSS
Exploits1References7
Rows per page
Query Builder