55 matches found
CVE-2026-10300
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
EUVD-2026-33833
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300
SGLang 0.5.10.post1 contains a vulnerability in the Inference HTTP Endpoint, specifically in python/sglang/srt/lora/lora_manager.py where manipulation of the lora_path argument can trigger a reachable assertion. The issue is exposed over the network with high attack complexity and no authenticati...
CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
SGLang security vulnerabilities
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...
PT-2026-45663
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...
Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection
We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...
CVE-2025-14857
An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...
CVE-2025-14859
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...
CVE-2025-14858 Semtech LR11xx Encrypted Firmware Disclosure
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...
CVE-2025-14857
CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...
PT-2026-30995
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...
Semtech LR11xx LoRa 安全漏洞
Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. There are security vulnerabilities in Semtech LR11xx LoRa. These vulnerabilities stem from improper access control in earlier firmware versions, which may allow attackers with...
Semtech LR11xx LoRa 安全漏洞
Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. There are security vulnerabilities in Semtech LR11xx LoRa; these vulnerabilities stem from information leaks in earlier firmware versions, which could allow attackers to bypass the...
Semtech LR11xx LoRa 安全漏洞
Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. The Semtech LR11xx LoRa device has a security vulnerability, which stems from the use of non-standard encryption hash algorithms that are vulnerable to secondary image attacks. Thi...
PT-2026-30994
An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...
Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models
Large language models LLMs remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...
Bloodroot: When Watermarking Turns Poisonous for Stealthy Backdoor
Backdoor data poisoning is a crucial technique for ownership protection and defending against malicious attacks. Embedding hidden triggers in training data can manipulate model outputs, enabling provenance verification, and deterring unauthorized use. However, current audio backdoor methods are...