4 matches found
CVE-2026-55646 vLLM speech-to-text endpoints allocate full upload before enforcing the audio file-size limit
vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the profile picture upload. An attacker can cause significant service slowdowns by uploading a profile picture exceeding the intended size limit. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the profile picture upload. An attacker can cause significant service slowdowns by uploading a profile picture exceeding the intended size limit. Remediation Upgrade...
DEBIAN-CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleanin...