Lucene search
K

6 matches found

NVD
NVD
added 2026/06/22 11:16 p.m.10 views

CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS0.00304EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 10:16 p.m.31 views

CVE-2026-54232

vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 10:16 p.m.6 views

CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 10:16 p.m.24 views

CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS0.00304EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51418

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References6
Kitploit
Kitploit
added 2019/10/13 8:30 p.m.135 views

uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bits LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. 中文介绍 Features very little hack and easy to build can target any specified function or code snippet...

7.5AI score
Exploits0References4
Rows per page
Query Builder