CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-5843 Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...

PT-2026-42831

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...

NVIDIA TRT-LLM 代码问题漏洞

NVIDIA TRT-LM is a high-performance inference framework developed by NVIDIA Corporation for optimizing the inference acceleration and deployment of large language models. NVIDIA TRT-LM has code-related vulnerabilities, which stem from insecure deserialization during RPC tests. These vulnerabiliti...

NVIDIA TRT-LLM 代码问题漏洞

NVIDIA TRT-LM is a high-performance inference framework developed by NVIDIA Corporation for optimizing the inference acceleration and deployment of large language models. NVIDIA TRT-LM has code-related vulnerabilities, including deserialization vulnerabilities and insecure serialization handles,...

NVIDIA TRT-LLM 安全漏洞

NVIDIA TRT-LM is a high-performance inference framework developed by NVIDIA Corporation for optimizing the inference acceleration and deployment of large language models. NVIDIA TRT-LM contains a security vulnerability, which stems from unchecked return values leading to null pointer dereferencin...

EUVD-2026-23778

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

EUVD-2026-23780

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2026-6608 lm-sys fastchat Arena Side-by-Side View add_text control flow

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-6607 lm-sys fastchat Worker API Endpoint api_generate resource consumption

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2026-6607

CVE-2026-6607 affects lm-sys FastChat up to version 0.2.36, specifically the Worker API Endpoint function api_generate. The issue allows remote manipulation leading to resource consumption; CVE details indicate a publicly disclosed exploit and a patch is available (patch id c9e84b89c91d45191dc244...

PT-2026-33713

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2025-33247

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33248

NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2026-24151

NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24152

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...