CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

UbuntuCve•added 2026/04/01 6:16 p.m.•2 views

CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.4AI score0.00416EPSS

Exploits2References3

Cvelist•added 2026/03/24 8:24 p.m.•18 views

CVE-2026-24151

NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00073EPSS

Exploits0References3

OSV•added 2026/02/26 12:36 a.m.•3 views

CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

6.5CVSS5.9AI score0.00076EPSS

Exploits1References4

OSV•added 2025/10/16 5:15 p.m.•1 views

UBUNTU-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

6.5CVSS5.8AI score0.00035EPSS

Exploits0References5