Lucene search
K

16 matches found

OSV
OSV
added 2026/06/17 2:4 p.m.4 views

GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

5.3CVSS5.7AI score0.00796EPSS
Exploits1References4
NVD
NVD
added 2026/02/02 11:16 p.m.10 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.03816EPSS
Exploits0References15
BDU FSTEC
BDU FSTEC
added 2022/08/02 12:0 a.m.8 views

The vulnerability in the `core/lib/iomgr/error.c` file of the Google GRPC system, related to out-of-buffer writing, allows a attacker to cause memory corruption and execute arbitrary code.

The vulnerability in the core/lib/iomgr/error.c function of the Google GRPC system is related to buffer out-of-bounds writing. Exploiting this vulnerability could allow a remote attacker to cause memory corruption and execute arbitrary code...

10CVSS8.4AI score0.02368EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.4 views

CVE-2022-33024

There is an Assertion int decodepreR13entitiesBITCODERL, BITCODERL, unsigned int, BITCODERL, BITCODERL, BitChain , DwgData ' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608...

7.5CVSS5.8AI score0.00987EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2019/11/05 12:0 a.m.3 views

September 24, 2019—KB4516048 (Preview of Monthly Rollup)

September 24, 2019—KB4516048 Preview of Monthly Rollup IMPORTANT Verify that you have installed the recommended updates listed in the How to get this update section before installing this update. For all updates starting with August 13, 2019, we strongly recommend that you install these updates t...

7.1AI score
Exploits0
CNVD
CNVD
added 2019/08/23 12:0 a.m.2 views

Microsoft Windows and Windows Server Input Validation Error Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An input validation error vulnerability exists in fontsub.dll in Microsoft Windows and...

9.3CVSS6.8AI score0.13055EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/09/20 6:29 a.m.25 views

CVE-2018-17237

A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...

6.5CVSS6.9AI score0.01487EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2017/10/11 12:0 a.m.48 views

Microsoft Windows Multiple Vulnerabilities (KB4041693)

This host is missing a critical security update according to Microsoft KB4041693 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.64132EPSS
Exploits18References29
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.5 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to execute arbitrary code

Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the cairotruetypeindextoucs4 function in the Cairo library. Exploiting this vulnerability allows malicious actors to execute arbitrary code using a specially crafted extension that processes fon...

7.6CVSS7.6AI score0.0503EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2015/01/23 12:0 a.m.25 views

CentOS Update for glibc CESA-2015:0016 centos6

Check the version of glibc SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882090";...

5CVSS8.2AI score0.06564EPSS
Exploits1References2
OSV
OSV
added 2014/08/29 4:55 p.m.8 views

CVE-2014-5119

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

7.5CVSS7.7AI score0.18099EPSS
Exploits4References27
seebug.org
seebug.org
added 2007/07/31 12:0 a.m.26 views

CrystalPlayer 1.98 Playlist Crafted mls File Local Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl Crystal Player 1.98 Playlist.mls File Local Buffer Overflow Exploit Source:: http://www.crystalplayer.com/CrystalPro.exe Credit To Timq For The Vulnerability POC By Arham Muhammad While Debugging EIP And EBP Successfully Gets Overwritten! Upon...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/07/26 12:0 a.m.23 views

CrystalPlayer 1.98 - .mls Local Buffer Overflow

CrystalPlayer 1.98 - .mls Local Buffer Overflow !/usr/bin/perl Crystal Player 1.98 Playlist.mls File Local Buffer Overflow Exploit Source:: http://www.crystalplayer.com/CrystalPro.exe Credit To Timq For The Vulnerability POC By Arham Muhammad While Debugging EIP And EBP Successfully Gets...

0.1AI score
Exploits0
Ubuntu
Ubuntu
added 2006/03/23 10:44 p.m.56 views

USN-265-1: cairo/Evolution library vulnerability

When rendering glyphs, the cairo graphics rendering library did not check the maximum length of character strings. A request to display an excessively long string with cairo caused a program crash due to an X library error. Mike Davis discovered that this could be turned into a Denial of Service...

5CVSS5.7AI score0.10765EPSS
Exploits1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.26 views

CVE-2002-1446

The error checking routine used for the CVerify call on a symmetric verification key in the nCipher PKCS11 library 1.2.0 and later returns the CKROK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages...

6.6AI score0.01351EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/12/21 12:0 a.m.23 views

Weak nCipher PKCS#11 encryption

Library error may lead to uncrypted key in certificate...

2.3AI score
Exploits0References1
Rows per page
Query Builder