Lucene search
K

719 matches found

SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.11 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 2:0 p.m.123 views

CVE-2026-44893

Netty CVE-2026-44893 affects netty-codec-haproxy prior to 4.1.135.Final and 4.2.15.Final. During PP2_TYPE_SSL TLV decoding, HAProxyMessage.readNextTLV() retains a slice before reading the client (1 byte) and verify (4 bytes). If TLV length

7.5CVSS5.4AI score0.00594EPSS
Exploits0References12Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

keycloak: Keycloak: Denial of Service via malformed Authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

5.3CVSS5.5AI score0.00417EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.8 views

CVE-2026-44222

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

7.5CVSS5.5AI score0.00414EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/01 10:5 p.m.38 views

CVE-2026-25276 Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check...

8.8CVSS0.00075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:36 p.m.37 views

CVE-2026-42500 Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

0.00384EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 6:16 a.m.17 views

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

5.3CVSS0.00417EPSS
Exploits0References6
NVD
NVD
added 2026/05/12 8:16 p.m.9 views

CVE-2026-44222

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

7.5CVSS0.00414EPSS
Exploits1References2
CVE
CVE
added 2026/05/12 7:57 p.m.31 views

CVE-2026-44222

CVE-2026-44222 (vLLM) affects vLLM versions 0.6.1 through 0.19.x where a token-injection vulnerability in multimodal processing allows unauthenticated text prompts containing special tokens to be interpreted as control. When image/video placeholder sequences are provided without corresponding dat...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:57 p.m.50 views

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

6.5CVSS0.00414EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 7:57 p.m.4 views

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

6.5CVSS6AI score0.00414EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

vLLM 输入验证错误漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 11:53 a.m.4 views

CVE-2026-41643 GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS7AI score0.00503EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.13 views

SUSE CVE-2026-31777

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daiodeviceindex, but it's not always true. Add a proper error check to deal with the error from the function...

5.8AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37318

Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.1 through 0.19.x Description A Token Injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References6
NVD
NVD
added 2026/05/01 3:16 p.m.9 views

CVE-2026-31777

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daiodeviceindex, but it's not always true. Add a proper error check to deal with the error from the function...

5.5CVSS0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 2:15 p.m.11 views

EUVD-2026-26590

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daiodeviceindex, but it's not always true. Add a proper error check to deal with the error from the function...

5.8AI score0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/05/01 2:15 p.m.16 views

CVE-2026-31777

The CVE-2026-31777 entry concerns the Linux kernel ALSA ctxfi driver. The root cause is the driver’s missing validation of the return value from daio_device_index(), leading to incorrect assumptions and potential system instability. Documents indicate this has been resolved via patches. Remediati...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.12 views

PT-2026-36412

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A missing error check in the ALSA ctxfi driver occurs because the driver assumes the daio device index function always returns a proper value. This lack of validation can lead to stabili...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References73
NVD
NVD
added 2026/04/23 7:17 p.m.13 views

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS0.00377EPSS
Exploits1References4
Rows per page
Query Builder