vLLM 输入验证错误漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. An input validation error vulnerability exists in vLLM versions 0.5.5 through prior to 0.11.1, which stems from improper handling of multimodal embedded inputs and could cause the engine...

Improper Validation of Array Index

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Array Index via the MultiModalDataParser input processor. An attacker can cause the engine to crash by submitting multimodal...

GHSA-H369-CPJJ-QFFF phppgadmin vulnerable to Cross-site Scripting

phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...

Complaint Management System reset-password.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...

PT-2025-47649

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models by providing multimodal embedding inputs with a...

TencentOS Server 3: yajl (TSSA-2022:0235)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0235 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Denial Of Service (DoS)

Django is vulnerable to a Denial Of Service DoS. The vulnerability is due to slow NFKC Unicode normalization on Windows in redirect-related functions, which allows an attacker to supply inputs with a very large number of Unicode characters to exhaust server resources and cause a denial of service...

CVE-2024-44664

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php...

OESA-2025-2678 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This iss...

EUVD-2025-124918

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

WordPress plugin Team Members Showcase 安全漏洞

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

EUVD-2025-84351

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This iss...

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

CVE-2025-10161 Authentication Bypass in Turkguven's Perfektive

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

Turkguven Perfektive 安全漏洞

Turkguven Perfektive is an occupational health and safety management software from Turkguven, Turkey. A security vulnerability exists in versions prior to Turkguven Perfektive 12574 Build 2701, which stems from improperly limiting over-authentication attempts, server-side security client...

PT-2025-46330

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This iss...