EUVD-2026-37645

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

CVE-2026-12491

CVE-2026-12491 affects the vLLM library used for LLM inference. The issue stems from improper handling of image metadata during image processing, specifically EXIF orientation and PNG transparency (tRNS). When converting images to RGB, transparency information may be discarded or remapped, causin...

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fixed the issue of NULL pointer dereferencing during SSDB/PLD parsing. When the functions ipubridgeparserotation and ipubridgeparseorientation are executed, sensor-adev is not set yet. Therefore, if either of...

MiracleLinux 4 : firefox-68.3.0-1.0.1.AXS4 (AXSA:2019-4414:07)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4414:07 advisory. Mozilla: Use-after-free in worker destruction CVE-2019-17008 Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 CVE-2019-17012 Mozilla:...

CVE-2025-67780

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 e.g., on Mini1prod2 allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...

C/N0 Analysis-Based GPS Spoofing Detection with Variable Antenna Orientations

GPS spoofing poses a growing threat to aviation by falsifying satellite signals and misleading aircraft navigation systems. This paper demonstrates a proof-of-concept spoofing detection strategy based on analyzing satellite Carrier-to-Noise Density Ratio C/N$0$ variation during controlled static...

EUVD-2019-17944

Malware in sbrugna...

EUVD-2019-7484

Malware in sbrugna...

EUVD-2011-1133

Malware in sbrugna...

EUVD-2014-9497

Malware in sbrugna...

EUVD-2014-7757

Malware in sbrugna...

EUVD-2016-2875

Malware in sbrugna...

EUVD-2024-51821

Malicious code in bioql PyPI...

EUVD-2025-23709

Malicious code in bioql PyPI...

UBUNTU-CVE-2023-53336

In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipubridgeparserotation and ipubridgeparseorientation run sensor-adev is not set yet. So if either of the devwarn calls about unknown values are hit this...

Linux Distros Unpatched Vulnerability : CVE-2016-1780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive...

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-22267)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that can be exploited by an attacker to cause the device to be set at random screen orientation by an exploit...