4 matches found
CVE-2026-20180 Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
GHSA-WR4H-V87W-P3R7 h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
Summary serveStatic in h3 is vulnerable to path traversal via percent-encoded dot segments %2e%2e, allowing an unauthenticated attacker to read arbitrary files outside the intended static directory on Node.js deployments. Details The vulnerability exists in src/utils/static.ts at line 86:...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of Python’s pickle module on untrusted data received over a ZeroMQ SUB socket in multi-node deployments using the V0 engine, which allows an attacker to execute arbitrary code on the target machine and potentiall...
Denial Of Service (DoS)
vLLM is vulnerable to Denial Of Service DoS . The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...