Lucene search
K

377 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References4Affected Software1
OSV
OSV
added 3 days ago5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are...

5.5CVSS6AI score0.001EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:40 a.m.3 views

BIT-HAPROXY-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.10 views

SUSE CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.8AI score0.001EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 7:41 p.m.16 views

CVE-2026-53319

Mode C: Normal (details available) CVE-2026-53319 affects the Linux kernel block writeback throttling (blk-wbt) code. The issue arises in wbt_init_enable_default(), which previously used WARN_ON_ONCE to report failures from wbt_alloc() and wbt_init(). These failure paths are expected: wbt_alloc()...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.8AI score0.001EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52958

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The wbt init enable default function uses WARN ON ONCE to check for failures from wbt alloc and wbt init. However, these are expected failure paths: wbt alloc may return NULL during memo...

5.8AI score0.001EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A use-after-free condition affected the creation of TLS sockets when memory pressure was present. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

8.8CVSS7.3AI score0.01092EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak in activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...

7.5CVSS5.8AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS0.00431EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 4:5 p.m.22 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS0.00431EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/18 4:5 p.m.9 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.6 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49585

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.4.2 Description protobufjs preserves unknown wire elements in message.$unknowns during binary decode but lacks a decode-time option to discard these fields before retention. A crafted protobuf payload...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References6
Rows per page
Query Builder