CVE-2026-34756

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

CVE-2026-34756

CVE-2026-34756 affects vLLM OpenAI-compatible API server prior to 0.19.0. The root cause is missing upper-bound validation on the n parameter in ChatCompletionRequest/CompletionRequest, allowing an unauthenticated attacker to send an astronomically large n value that causes the asyncio event loop...

CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

Allocation of Resources Without Limits or Throttling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of upper bound validation on the n parameter in the request handling process. A...

PT-2026-30199

Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an...

CVE-2023-45573

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and...

CVE-2023-45573

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and...

PT-2023-6953 · Docker +4 · Docker Distribution +4

Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.2-beta.1 Description: A flaw was found in the /v2/ catalog endpoint, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 n parameter to browsevideos.php or the 2 cat parameter to groups.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the 1 n parameter to emailrecipe.aspx, 2 id parameter to recipedetail.aspx, and the 3 catid parameter to validatefieldlength.aspx...

CVE-2006-5508

Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via 1 the n parameter and 2 the User-Agent HTTP header...