Lucene search
K

126609 matches found

OSV
OSV
added 2026/04/02 8:37 p.m.3 views

GHSA-MVF2-F6GM-W987 fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary The fix for GHSA-c2ff-88x2-x9pg CVE-2023-48223 is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details The f...

9.1CVSS6AI score0.00235EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/02 8:37 p.m.7 views

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary The fix for GHSA-c2ff-88x2-x9pg CVE-2023-48223 is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details The f...

9.1CVSS6.3AI score0.00687EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/04/02 8:16 p.m.4 views

CVE-2026-34760

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

7.1CVSS0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:59 p.m.0 views

CVE-2026-34760

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/02 6:59 p.m.5 views

EUVD-2026-18522

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 6:59 p.m.1 views

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 6:59 p.m.11 views

CVE-2026-34760

Summary: CVE-2026-34760 concerns vLLM’s audio processing path via Librosa. From version 0.5.5 up to before 0.18.0, Librosa used numpy.mean for mono downmix (to_mono), while ITU-R BS.775-4 specifies a weighted downmix. This mismatch creates inconsistency between audio perceived by humans and audio...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 6:59 p.m.20 views

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS0.00267EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 6:43 p.m.5 views

Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to providing weaker than expected security CVE-2025-14923, improper validation of user-supplied input CVE-2025-12635, and improperly controlled modification of object prototype attributes in the Immutable package...

9.8CVSS5.7AI score0.00978EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 6:41 p.m.5 views

Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK Quarterly CPU - Jan 2026

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE January 2026 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to...

7.5CVSS6.8AI score0.00864EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/04/02 6:31 p.m.7 views

EUVD-2026-18402

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

3.1CVSS5.9AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 5:16 p.m.2 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.2 views

DEBIAN-CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.2AI score0.00237EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.5 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.2 views

UBUNTU-CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.8AI score0.00237EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 4:52 p.m.1 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

3.1CVSS5.9AI score0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:52 p.m.8 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

3.1CVSS5.9AI score0.00237EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 4:52 p.m.330 views

CVE-2026-35387

OpenSSH before 10.3 is affected by CVE-2026-35387: when listing any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms, the client/server may misinterpret this as enabling all ECDSA algorithms. The result is the unintended use of ECDSA keys, with confidentiality impact lis...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/02 4:52 p.m.3 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.2AI score0.00237EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/02 4:52 p.m.120 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

3.1CVSS0.00237EPSS
Exploits0References3
Rows per page
Query Builder