CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...

9.8CVSS7.1AI score0.00701EPSS

Exploits3References31

NVD•added 2026/02/02 11:16 p.m.•8 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.01084EPSS

Exploits0References4

OSV•added 2026/02/02 5:43 p.m.•3 views

GHSA-4R2X-XPJR-7CVV vLLM has RCE In Video Processing

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS6.6AI score0.01084EPSS

Exploits0References6

Github Security Blog•added 2026/02/02 5:43 p.m.•16 views

vLLM has RCE In Video Processing

9.8CVSS6.4AI score0.01084EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/02/02 12:0 a.m.•2 views

PT-2026-5710

Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.3 through 0.14.0 Description vLLM is an inference and serving engine for large language models. A chain of issues allows for remote code execution when the service is configured to serve a video model. First, sending an inval...

9.8CVSS7.9AI score0.01084EPSS

Exploits0References23

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2009-0691

Malware in sbrugna...

9.3CVSS6.2AI score0.05633EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-0690

Malware in sbrugna...

9.3CVSS6.2AI score0.05658EPSS

Exploits0References7

Tenable Nessus•added 2025/10/07 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ffmpeg (UTSA-2025-869070)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-869070 advisory. FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. Tenable has extracted the...

6.5CVSS6AI score0.00344EPSS

Exploits0References4

CVE•added 2025/09/09 1:54 p.m.•43 views

CVE-2025-9951

FFmpeg is affected by CVE-2025-9951 due to a heap-buffer-overflow in the JPEG 2000 decoder (jpeg2000dec) that can allow remote code execution or denial of service when processing certain JPEG2000 data. Multiple advisories (Debian DLA-4440, Astra Linux, Ubuntu USN-7830-1, and Nessus entries) enume...

7.2CVSS7.7AI score0.00372EPSS

Exploits0References1

OSV•added 2025/08/15 12:39 p.m.•1 views

OESA-2025-2028 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg...

6.5CVSS7.4AI score0.00344EPSS

Exploits0References2

RedhatCVE•added 2025/05/21 7:12 p.m.•13 views

CVE-2009-0690

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 aka JPX stream, which allows remote attackers to cause a denial of service memory corruption and application crash or...

9.3CVSS8.3AI score0.05658EPSS

Exploits0References1