1372 matches found
CVE-2026-63086
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
CVE-2026-63086
The CVE-2026-63086 entry concerns text-generation-inference 3.3.7, with an SSRF flaw in the OpenAI-compatible multimodal chat completions endpoint. The fetch_image function in router/src/validation.rs does not validate addresses (private, loopback, link-local, or cloud metadata). The HTTP client ...
CVE-2026-58658
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...
CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...
CVE-2026-56398
Open WebUI before 0.9.5 is vulnerable to stored XSS via the OAuth picture claim SVG data URI. The code infers MIME type from the URL extension (e.g., .svg) and ignores the server-provided Content-Type, then stores data URI labelling it as image/svg+xml. The profile image validator is bypassed in ...
CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...
CVE-2026-47481
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
CVE-2026-47479
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47480
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47478
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47476
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47477
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a stack-based buffer overflow. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47475
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47482
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory after effective lifetime. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47482
Affected product: NVIDIA Triton Inference Server for Linux. Issue: a vulnerability in the memory management path causes missing release of memory after its effective lifetime, potentially enabling denial of service. Root cause as stated is memory release handling in Triton Inference Server compon...
CVE-2026-47480
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47480
CVE-2026-47480 affects NVIDIA Triton Inference Server for Linux. The vulnerability involves an attacker-caused uncaught exception in the server, with the documented impact of a potential denial of service. Concrete technical details across connected documents indicate the affected software (Trito...
CVE-2026-47479
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47479
NVIDIA Triton Inference Server for Linux is affected by CVE-2026-47479, where an attacker can cause uncontrolled resource consumption, potentially leading to denial of service. The NVIDIA security bulletin indicates this as a Denial of Service vector with CVSS v3.1 base score 7.5 (Network, Low At...
CVE-2026-47478
CVE-2026-47478 affects NVIDIA Triton Inference Server for Linux. The issue allows an attacker to cause the use of an expired file descriptor, with the documented impact being denial of service. NVIDIA’s security bulletin recommends updating to Triton Server 26.05 or later (Linux) to address the v...