Lucene search
K

26 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-62186

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:50 p.m.34 views

CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS0.00207EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:50 p.m.8 views

CVE-2026-54033

LibreChat exposes an SSRF risk in its baseURL handling: prior to version 0.8.4-rc1, an authenticated user could set a custom OpenAI-compatible API endpoint baseURL and have requests constructed without SSRF validation (no private IP check, no scheme restriction, no DNS pinning). This allowed dire...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/25 3:50 p.m.5 views

EUVD-2026-39460

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 10:16 a.m.12 views

CVE-2026-5497

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS0.00543EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/11 8:31 a.m.11 views

EUVD-2026-36217

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References2
CVE
CVE
added 2026/06/11 8:31 a.m.70 views

CVE-2026-5497

CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9540

A flaw was found in vllm-project vllm, specifically within its OpenAI-compatible Serving Path. A remote attacker could exploit this vulnerability by manipulating certain processing, leading to a denial of service DoS. This could make the affected service unavailable to legitimate users. The issue...

6.9CVSS6AI score0.00427EPSS
Exploits0References10
OSV
OSV
added 2026/05/26 3:32 p.m.5 views

GHSA-98F3-HWG4-4RF7 vllm has Improper Resource Shutdown or Release

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.5AI score0.00427EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/26 2:43 p.m.12 views

Improper Resource Shutdown or Release

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...

6.9CVSS6.1AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 p.m.19 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS0.00427EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 10:30 a.m.13 views

EUVD-2026-31810

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:30 a.m.10 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/26 10:30 a.m.43 views

CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS0.00427EPSS
Exploits0References7
CVE
CVE
added 2026/05/26 10:30 a.m.48 views

CVE-2026-9540

CVE-2026-9540 affects vllm-project vllm 0.19.0, specifically an issue in the OpenAI-compatible Serving Path that allows remote manipulation leading to a denial of service. The vulnerability’s exploitation is described as publicly available, with a pull request to fix it awaiting acceptance. CVSS ...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 10:30 a.m.3 views

CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.7AI score0.00427EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

vLLM 安全漏洞

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and efficient memory usage for reasoning and services. Version vLLM 0.19.0 contains a security vulnerability. This vulnerability stems from unknown handling operations in the OpenAI-compatible Serving Path...

6.9CVSS6AI score0.00427EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.10 views

PT-2026-43245

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/05 4:0 p.m.13 views

CVE-2026-7846 chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

2.6CVSS5.1AI score0.00162EPSS
Exploits0References6
CVE
CVE
added 2026/05/05 4:0 p.m.27 views

CVE-2026-7846

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.

2.6CVSS5.1AI score0.00162EPSS
Exploits0References6
Rows per page
Query Builder