CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7606 matches found

CVE-2026-54235

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS0.00318EPSS

Exploits1References3

ATTACKERKB•added 2 days ago•4 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS5.8AI score0.00142EPSS

Exploits0References5Affected Software1

CVE•added 2 days ago•14 views

CVE-2026-54233

Affected software: vLLM (inference/serving engine). Vulnerability: decoding an audio file on the /v1/audio/transcriptions endpoint can cause extreme memory growth. A 25 MB OPUS upload decodes to about 14.9 GB of float32 PCM, because the audio decoder concatenates all frames in memory before retur...

6.5CVSS5.8AI score0.00254EPSS

Exploits0References2Affected Software1

CVE•added 2 days ago•13 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00321EPSS

Exploits0References3Affected Software1

EUVD•added 2 days ago•8 views

EUVD-2026-38385

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS5.8AI score0.00207EPSS

Exploits0References1

NVD•added 2 days ago•6 views

CVE-2026-42127

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS0.00432EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-38309

7.5CVSS5.9AI score0.00432EPSS

Exploits0References1

AlpineLinux•added 2 days ago•8 views

CVE-2026-42127

7.5CVSS5.9AI score0.00432EPSS

Exploits0

Tenable Nessus•added 4 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS6.6AI score0.01823EPSS

Exploits1References3

NVD•added 5 days ago•7 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00184EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•5 views

CVE-2026-49346

7.1CVSS5.9AI score0.00184EPSS

Exploits0References3Affected Software1

Cvelist•added 5 days ago•16 views

CVE-2026-49293 CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00339EPSS

Exploits0References3

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...

5.5CVSS5.3AI score0.00128EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

8.5CVSS7.2AI score0.0104EPSS

Exploits0References2

AstraLinux•added 5 days ago•9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...

5.5CVSS6.2AI score0.00175EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

7.5CVSS6.7AI score0.2421EPSS

Exploits2References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block: Fix to add folio to bio. A size of 4GB for folio is possible on some ARCHs, such as aarch64. A size of 16GB for hugepage is also supported. However, the “offset” of folio cannot be stored in “unsigned int”, which causes a...

5.5CVSS6AI score0.00152EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Apache2

If the Apache HTTP Server 2.4.53 is configured to perform transformations using modsed, especially in contexts where the input to modsed can be very large, modsed may cause excessive memory allocation and trigger an abort...

7.5CVSS7.5AI score0.90407EPSS

Exploits0References2

AstraLinux•added 5 days ago•1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: Use memallocnofssave in pagecacheraorder. See commit f2c817bed58d “mm: Use memallocnofssave in readahead”, ensure that pagecacheraorder does not attempt to reclaim file-backed pages too often, as this can lead to a deadlock...

5.5CVSS6.1AI score0.0018EPSS

Exploits0References2

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace the later fragments with their own data, thereby bypassing the signature requirements...

7.5CVSS7.6AI score0.01906EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by