CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added last week•16 views

vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

Summary All temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors tha...

6.9CVSS5.6AI score0.00318EPSS

Exploits0References4Affected Software1

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fixed a typographical error in the frequency notification. The NAN notification refers to a frequency of 5745 MHz, which corresponds to channel 149, not 5475—which is not a valid channel at all. This could le...

5.7AI score0.00145EPSS

Exploits0References1

RedHat Linux•added 2026/05/19 1:31 p.m.•9 views

kernel: wifi: mac80211_hwsim: fix typo in frequency notification

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL pointer dereference in...

5.8AI score0.00145EPSS

RedHat Linux•added 2026/05/19 9:4 a.m.•6 views

kernel: wifi: mac80211_hwsim: fix typo in frequency notification

5.8AI score0.00145EPSS

Github Security Blog•added 2026/05/07 3:10 a.m.•12 views

imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

5.9AI score

Exploits0References2Affected Software1

Github Security Blog•added 2026/04/10 6:31 p.m.•6 views

Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

7.5CVSS5.8AI score0.00555EPSS

Exploits0References8Affected Software1

Snyk•added 2026/04/10 5:6 p.m.•0 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when JsonTemplateLayout logs a MapMessage. An attacker can cause downstream log processing systems to reject or fail to index affected records by supplying non-finite floating-point values such as...

7.7CVSS5.3AI score0.00555EPSS

SUSE CVE•added 2026/02/05 12:26 a.m.•6 views

SUSE CVE-2026-23040

NVD•added 2026/02/04 4:16 p.m.•6 views

Exploits0References3

CVE-2026-23040

0.00145EPSS

UbuntuCve•added 2026/02/04 4:16 p.m.•4 views

CVE-2026-23040

5.7AI score0.00145EPSS

Exploits0References4

OSV•added 2026/02/04 4:16 p.m.•3 views

UBUNTU-CVE-2026-23040

5.7AI score0.00145EPSS

EUVD•added 2026/02/04 4:0 p.m.•6 views

EUVD-2026-5507

Cvelist•added 2026/02/04 4:0 p.m.•24 views

CVE-2026-23040 wifi: mac80211_hwsim: fix typo in frequency notification

0.00145EPSS

CVE•added 2026/02/04 4:0 p.m.•19 views

CVE-2026-23040

CVE-2026-23040 is a Linux kernel vulnerability involving the wifi mac80211_hwsim: a typo in the frequency notification. The NAN notification was listed as 5745 MHz (channel 149) instead of a valid channel like 5475, which could lead to a NULL pointer dereference in cfg80211_next_nan_dw_notif. The...

OSV•added 2026/02/04 4:0 p.m.•5 views

CVE-2026-23040 wifi: mac80211_hwsim: fix typo in frequency notification