Lucene search
K

3095 matches found

CVE
CVE
added 2026/07/06 8:7 p.m.13 views

CVE-2026-55514

CVE-2026-55514 affects the vLLM library (inference/serving) from versions 0.12.0 through older than 0.24.0. Sending a pure prompt embeds payload in a /v1/completions request for a model using M-RoPE triggers an EngineCore assertion, causing a fatal crash that shuts down the entire server applicat...

7.1CVSS6AI score0.0037EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 8:7 p.m.4 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS6AI score0.0037EPSS
Exploits0References6
OSV
OSV
added 2026/07/03 1:33 p.m.4 views

MINI-P288-GWW4-5M27

Bulletin has no description...

6.1CVSS5.9AI score0.00188EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.13 views

GHSA-3PP7-M8F5-89GX vulnerabilities

Vulnerabilities for packages: firefox, firefox-esr...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:16 a.m.18 views

CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:56 a.m.8 views

EUVD-2026-40926

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:56 a.m.38 views

CVE-2026-10538 Improper deserialization handling in Control-M Components

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:56 a.m.24 views

CVE-2026-10538

This CVE affects Control-M components (Control-M/Server and Control-M/Enterprise Manager) with a deserialization vulnerability in the messaging consumer. The issue arises from deserializing user-controlled data without strict control of allowed object types in versions 9.0.20.x and potentially ea...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:55 a.m.7 views

EUVD-2026-40925

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:55 a.m.38 views

CVE-2026-10539 Unauthenticated command injection in Control-M/Server communication command

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:55 a.m.28 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:52 a.m.8 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:52 a.m.18 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:52 a.m.8 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 7:52 a.m.40 views

CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: In the vfs module, a race condition occurred regarding the mFlags field. ksmbd maintains states such as “delete-on-close” and “pending-delete” in the mFlags field of the ksmbdinode structure. In the vfscache.c code, thi...

5.9AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 2:0 p.m.4 views

MINI-MX7M-PFRJ-5X7M

Bulletin has no description...

8CVSS5.8AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/06/12 4:57 p.m.6 views

MINI-5V9M-RF59-CMC4

Bulletin has no description...

4.3CVSS5AI score0.00234EPSS
Exploits0
Rows per page
Query Builder