26 matches found

Snyk (added 2026/05/18 12:31 p.m.)

Deserialization of Untrusted Data

Overview: SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the --enable-custom-logit-processor option, which allows untrusted Python objects to be...

CVSS 9.8 | AI score 6.1 | EPSS 0.00426
Exploits 0 | References 2
OSV (added 2026/05/18 12:31 p.m.)

GHSA-36M8-W8QF-G76P SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 4
Github Security Blog (added 2026/05/18 12:31 p.m.)

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 4 | Affected Software 1
NVD (added 2026/05/18 12:16 p.m.)

CVE-2026-7304

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | EPSS 0.00426
Exploits 0 | References 2
Vulnrichment (added 2026/05/18 10:39 a.m.)

CVE-2026-7304

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

AI score 6.4 | EPSS 0.00426
Exploits 0 | References 2
Cvelist (added 2026/05/18 10:39 a.m.)

CVE-2026-7304

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

EPSS 0.00426
Exploits 0 | References 2
ATTACKERKB (added 2026/05/18 10:39 a.m.)

CVE-2026-7304

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 3 | Affected Software 1
CVE (added 2026/05/18 10:39 a.m.)

CVE-2026-7304

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, due to unvalidated deserialization of Python objects via dill.loads(). The CVE-2026-7304 entry reports a CRITICAL impact (ATT&CK/explicit exploi...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 2 | Affected Software 1
EUVD (added 2026/05/18 10:39 a.m.)

EUVD-2026-30766

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 2
Positive Technologies (added 2026/05/18 12:00 a.m.)

PT-2026-41670

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

AI score 6.4 | EPSS 0.00426
Exploits 0 | References 3
CNNVD (added 2026/05/18 12:00 a.m.)

sglang code issue vulnerability

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; these vulnerabilities arise when the --enable-custom-logit-processor option is enabled, resulting in unvalidated deserialization of Python...

CVSS 9.8 | AI score 6.2 | EPSS 0.00426
Exploits 0 | References 1
Packet Storm News (added 2026/01/31 12:00 a.m.)

Jailbreaking LLMs Via Calibration

Safety alignment in Large Language Models (LLMs) often creates a systematic discrepancy between a model's aligned output and the underlying pre-aligned data distribution. We propose a framework in which the effect of safety alignment on next-token prediction is modeled as a systematic distortion of...

AI score 5.4
Exploits 0
RedhatCVE (added 2026/01/09 9:43 a.m.)

CVE-2006-1099

PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 7.5 | AI score 7.7 | EPSS 0.02711
Exploits 1 | References 1
Packet Storm News (added 2025/11/24 12:00 a.m.)

Defending Large Language Models against Jailbreak Exploits with Responsible AI Considerations

Large Language Models (LLMs) remain susceptible to jailbreak exploits that bypass safety filters and induce harmful or unethical behavior. This work presents a systematic taxonomy of existing jailbreak defenses across prompt-level, model-level, and training-time interventions, followed by three...

AI score 7.3
Exploits 0
EUVD (added 2025/10/07 12:30 a.m.)

EUVD-2006-1103

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02711
Exploits 1 | References 2
Packet Storm News (added 2025/07/29 12:00 a.m.)

Strategic Deflection: Defending LLMs from Logit Manipulation

With the growing adoption of Large Language Models (LLMs) in critical areas, ensuring their security against jailbreaking attacks is paramount. While traditional defenses primarily rely on refusing malicious prompts, recent logit-level attacks have demonstrated the ability to bypass these safeguard...

AI score 7
Exploits 0
Packet Storm News (added 2025/06/22 12:00 a.m.)

Mechanistic Interpretability in the Presence of Architectural Obfuscation

Architectural obfuscation - e.g., permuting hidden-state tensors, linearly transforming embedding tables, or remapping tokens - has recently gained traction as a lightweight substitute for heavyweight cryptography in privacy-preserving large-language-model (LLM) inference. While recent work has sho...

AI score 6.9
Exploits 0
Packet Storm News (added 2025/06/11 12:00 a.m.)

Prompt Attacks Reveal Superficial Knowledge Removal in Unlearning Methods

In this work, we show that some machine unlearning methods may fail when subjected to straightforward prompt attacks. We systematically evaluate eight unlearning techniques across three model families, and employ output-based, logit-based, and probe analysis to determine to what extent supposedly...

AI score 6.9
Exploits 0
Packet Storm News (added 2025/05/20 12:00 a.m.)

SVAFD: a Secure and Verifiable Co-Aggregation Protocol for Federated Distillation

Secure Aggregation (SA) is an indispensable component of Federated Learning (FL) that concentrates on privacy preservation while allowing for robust aggregation. However, most SA designs rely heavily on the unrealistic assumption of homogeneous model architectures. Federated Distillation (FD), which...

AI score 6.9
Exploits 0
Packet Storm News (added 2025/05/19 12:00 a.m.)

Malware Families Discovery Via Open-Set Recognition on Android Manifest Permissions

Malware are malicious programs that are grouped into families based on their penetration technique, source code, and other characteristics. Classifying malware programs into their respective families is essential for building effective defenses against cyber threats. Machine learning models have ...

AI score 6.7
Exploits 0