Lucene search
K

168 matches found

OSV
OSV
added 6 days ago5 views

PYSEC-2026-567 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service

Impacted Environments This issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. Summary vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission...

9.8CVSS7.9AI score0.00959EPSS
Exploits1References8
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5487 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault

HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 11:45 a.m.5 views

BIT-MILVUS-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

7CVSS4.4AI score0.00089EPSS
Exploits0References9
CVE
CVE
added 2026/06/10 5:16 p.m.60 views

CVE-2026-20251

CVE-2026-20251 affects Splunk Enterprise (versions below 10.2.4/10.0.7/9.4.12/9.3.13), Splunk Cloud Platform (below 10.3.2512.12/10.2.2510.14/10.1.2507.22/9.3.2411.132), and Splunk Secure Gateway (below 3.10.6/3.9.20/3.8.67). A low-privileged user (not admin/power) can achieve Remote Code Executi...

8.8CVSS5.8AI score0.00575EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

8.8CVSS5.9AI score0.00575EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0601)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0601 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12,...

8.8CVSS6AI score0.00575EPSS
Exploits1References2
NVD
NVD
added 2026/06/05 2:17 a.m.13 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS0.00112EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 12:30 a.m.9 views

CVE-2026-11312 bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS4.8AI score0.00112EPSS
Exploits0References6
CVE
CVE
added 2026/06/05 12:30 a.m.14 views

CVE-2026-11312

Bytedance InfiniStore vulnerable up to 0.2.33 via the purge_kv_map function in infinistore.h (KV Map Handler). Manipulation leads to inefficient algorithmic complexity. Attack requires local access; exploit publicly disclosed. No remediation details provided in the supplied documents.

4.8CVSS5.4AI score0.00112EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:30 a.m.7 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS4.8AI score0.00112EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-46877

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge kv map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.7 views

InfiniStore 安全漏洞

InfiniStore is a high-performance Key-Value cache storage tool open-sourced by Bytedance Inc. Versions of InfiniStore 0.2.33 and earlier contain security vulnerabilities, which stem from an algorithmic complexity issue in the purgekvmap function of the KV Map Handler component’s src/infinistore.h...

4.8CVSS4.5AI score0.00112EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 4:16 p.m.12 views

CVE-2026-10813

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS0.00075EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/04 3:0 p.m.35 views

CVE-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

4.5CVSS0.00089EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:0 p.m.9 views

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

4.5CVSS4.8AI score0.00089EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/06/04 2:45 p.m.20 views

CVE-2026-10813

Technical details about CVE-2026-10813 are not publicly available in the provided documents. Monitor for updates from LMCache advisories for affected components, impact, and patch availability.

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:45 p.m.6 views

CVE-2026-10813

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/04 2:45 p.m.8 views

CVE-2026-10813 LMCache KV Cache utils.py hex_hash_to_int16 weak hash

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

LMCache 安全漏洞

LMCache is an open-source large-scale caching tool developed by LMCache. Versions of LMCache 0.4.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the hexhashtoint16 function in the KV Cache Handler component’s lmcache/integration/vllm/utils.py file, which used ...

3.6CVSS5AI score0.00075EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/29 6:28 p.m.30 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00132EPSS
Exploits0References2
Rows per page
Query Builder