42 matches found
vLLM 0.8.3 - 0.14.0 - Information Disclosure
vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...
EUVD-2025-209582
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...
vLLM 日志信息泄露漏洞
vLLM is an open-source solution designed for LLM-based systems, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM from 0.8.3 to 0.14.1 contained a vulnerability related to log information leakage. This vulnerability occurred due to the exposure of heap...
Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)
DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...
EUVD-2025-26887
Malicious code in bioql PyPI...
CVE-2025-58280
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58280
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58280
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58280
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58280
CVE-2025-58280 concerns the Huawei HarmonyOS Ark eTS module, where a flaw exposes object heap addresses. The available sources describe an availability impact if exploited. The PT-2025-36117 entry explicitly notes that affected versions are not specified and provides no information about a newer ...
CVE-2025-58280
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-36117
Name of the Vulnerable Software and Affected Versions: Ark eTS module affected versions not specified Description: The Ark eTS module has a flaw that exposes object heap addresses. Successful exploitation of this issue may affect availability. Recommendations: At the moment, there is no informati...
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...
kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...
SUSE CVE-2011-1202
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT...
SUSE CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...
CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...
CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...
CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...