CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

Cvelist•added 2025/12/25 12:0 a.m.•14 views

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

7.5CVSS0.00024EPSS

Exploits0References1

CVE•added 2025/12/25 12:0 a.m.•9 views

CVE-2025-66377

CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...

7.5CVSS7.1AI score0.00024EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-3963

Malware in sbrugna...

5CVSS6.3AI score0.00653EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-12672

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00447EPSS

Exploits1References5

Packet Storm News•added 2025/07/17 12:0 a.m.•1 views

Backscattering-Based Security in Wireless Power Transfer Applied to Battery-Free BLE Sensors

The integration of security and energy efficiency in Internet of Things systems remains a critical challenge, particularly for battery-free and resource-constrained devices. This paper explores the scalability and protocol-agnostic nature of a backscattering-based security mechanism by integratin...

6.9AI score

Exploits0

Veracode•added 2025/05/13 4:16 a.m.•5 views

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of Python’s pickle module on untrusted data received over a ZeroMQ SUB socket in multi-node deployments using the V0 engine, which allows an attacker to execute arbitrary code on the target machine and potentiall...

8CVSS8.1AI score0.00432EPSS

Exploits0References5Affected Software1

Veracode•added 2025/05/07 5:21 a.m.•6 views

Denial Of Service (DoS)

vLLM is vulnerable to Denial Of Service DoS . The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...

7.5CVSS7.5AI score0.00447EPSS

Exploits1References6Affected Software1

Cvelist•added 2025/05/06 4:53 p.m.•16 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS0.00432EPSS

Exploits0References3

OSV•added 2025/05/06 4:53 p.m.•4 views

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

8CVSS7.8AI score0.00432EPSS

Exploits0References5

OSV•added 2025/05/06 4:38 p.m.•3 views

GHSA-9PCC-GVX5-R5WM Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

Affected Environments Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by...

8CVSS7.7AI score0.00432EPSS

Exploits0References5

Github Security Blog•added 2025/05/06 4:38 p.m.•9 views

Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

8CVSS7.8AI score0.00432EPSS

Exploits0References5Affected Software1

NVD•added 2025/04/30 1:15 a.m.•19 views

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00447EPSS

Exploits1References3

Cvelist•added 2025/04/30 12:24 a.m.•18 views

CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment

7.5CVSS0.00447EPSS

Exploits1References3

CVE•added 2025/04/30 12:24 a.m.•204 views

CVE-2025-30202

CVE-2025-30202 affects vLLM versions 0.5.2 up to 0.8.4 (prior to 0.8.5) in multi-node deployments. The root cause is an XPUB ZeroMQ socket bound to ALL interfaces on the primary host used for tensor parallelism, which can be accessed by any client with network access. This allows potential data e...

7.5CVSS7.7AI score0.00447EPSS

Exploits1References3Affected Software1

OSV•added 2025/04/29 2:50 p.m.•0 views

GHSA-9F8F-2VMF-885J Data exposure via ZeroMQ on multi-node vLLM deployment

Impact In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...

7.5CVSS6AI score0.00447EPSS

Exploits1References6

AlmaLinux•added 2024/05/22 12:0 a.m.•35 views

Moderate: ansible-core bug fix, enhancement, and security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5CVSS6.5AI score0.0006EPSS

Exploits0References4

AlmaLinux•added 2024/04/30 12:0 a.m.•30 views

Moderate: ansible-core bug fix, enhancement, and security update

5.5CVSS5.6AI score0.0006EPSS

Exploits0References4