Lucene search
+L

1372 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-63086

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-63086

The CVE-2026-63086 entry concerns text-generation-inference 3.3.7, with an SSRF flaw in the OpenAI-compatible multimodal chat completions endpoint. The fetch_image function in router/src/validation.rs does not validate addresses (private, loopback, link-local, or cloud metadata). The HTTP client ...

8.6CVSS6.2AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-58658

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS0.0039EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS0.00229EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-56398

Open WebUI before 0.9.5 is vulnerable to stored XSS via the OAuth picture claim SVG data URI. The code infers MIME type from the URL extension (e.g., .svg) and ignores the server-provided Content-Type, then stores data URI labelling it as image/svg+xml. The profile image validator is bypassed in ...

9CVSS6.2AI score0.00338EPSS
Exploits1References2Affected Software1
OSV
OSV
added 4 days ago6 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score0.00338EPSS
Exploits1References4
NVD
NVD
added 5 days ago4 views

CVE-2026-47481

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

6.5CVSS0.00258EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-47479

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-47480

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-47478

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00301EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-47476

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-47477

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a stack-based buffer overflow. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-47475

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-47482

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory after effective lifetime. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-47482

Affected product: NVIDIA Triton Inference Server for Linux. Issue: a vulnerability in the memory management path causes missing release of memory after its effective lifetime, potentially enabling denial of service. Root cause as stated is memory release handling in Triton Inference Server compon...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-47480

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 5 days ago6 views

CVE-2026-47480

CVE-2026-47480 affects NVIDIA Triton Inference Server for Linux. The vulnerability involves an attacker-caused uncaught exception in the server, with the documented impact of a potential denial of service. Concrete technical details across connected documents indicate the affected software (Trito...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-47479

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-47479

NVIDIA Triton Inference Server for Linux is affected by CVE-2026-47479, where an attacker can cause uncontrolled resource consumption, potentially leading to denial of service. The NVIDIA security bulletin indicates this as a Denial of Service vector with CVSS v3.1 base score 7.5 (Network, Low At...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-47478

CVE-2026-47478 affects NVIDIA Triton Inference Server for Linux. The issue allows an attacker to cause the use of an expired file descriptor, with the documented impact being denial of service. NVIDIA’s security bulletin recommends updating to Triton Server 26.05 or later (Linux) to address the v...

7.5CVSS6.1AI score0.00301EPSS
Exploits0References2
Rows per page
Query Builder