Lucene search
K

69 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 7:58 p.m.8 views

CVE-2026-44223

vLLM is an inference and serving engine for large language models LLMs. From 0.18.0 to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:58 p.m.42 views

CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

vLLM is an inference and serving engine for large language models LLMs. From 0.18.0 to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The...

6.5CVSS0.00367EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 7:58 p.m.8 views

CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

vLLM is an inference and serving engine for large language models LLMs. From 0.18.0 to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 9:45 p.m.7 views

GHSA-83VM-P52W-F9PW vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/06 9:45 p.m.8 views

Incorrect Type Conversion or Cast

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast through the extracthiddenstates speculative decoding. An attacker can cause the server to crash and disrupt servic...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.10 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38288

Name of the Vulnerable Software and Affected Versions vLLM versions 0.18.0 through 0.19.1 Description The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.5 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS6AI score0.00255EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17895

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS6AI score0.00255EPSS
Exploits1References2
NVD
NVD
added 2026/04/01 2:16 p.m.6 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS0.00255EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.26 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

0.00255EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.20 views

PT-2026-29521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6AI score0.00255EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.3 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6AI score0.00255EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 12:0 a.m.13 views

CVE-2026-30522

Summary: CVE-2026-30522 affects SourceCodester Loan Management System v1.0. A business logic flaw arises from improper server-side validation allowing negative values for penalty_rate in Loan Plans, despite frontend restrictions. An authenticated attacker can bypass client-side validation by subm...

6.5CVSS6AI score0.00255EPSS
Exploits1References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.3 views

GMA-SAWGAN-GP: A Novel Data Generative Framework to Enhance IDS Detection Performance

Intrusion Detection System IDS is often calibrated to known attacks and generalizes poorly to unknown threats. This paper proposes GMA-SAWGAN-GP, a novel generative augmentation framework built on a Self-Attention-enhanced Wasserstein GAN with Gradient Penalty WGAN-GP. The generator employs...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/19 12:0 a.m.4 views

A Novel Solution for Zero-Day Attack Detection in IDS Using Self-Attention and Jensen-Shannon Divergence in WGAN-GP

The increasing sophistication of cyber threats, especially zero-day attacks, poses a significant challenge to cybersecurity. Zero-day attacks exploit unknown vulnerabilities, making them difficult to detect and defend against. Existing approaches patch flaws and deploy an Intrusion Detection Syst...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/29 3:24 p.m.7 views

Amazon pays $2.5B settlement over deceptive Prime subscriptions

Another day, another settlement. Amazon has settled a lawsuit filed by the Federal Trade Commission FTC over misleading customers who signed up for Amazon Prime—though it claims it did nothing wrong. The FTC alleged that Amazon used deceptive methods to sign up consumers for Prime subscriptions—a...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/24 12:0 a.m.5 views

Regression-Aware Continual Learning for Android Malware Detection

Malware evolves rapidly, forcing machine learning ML-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining impractical. Continual learning CL has emerged as a scalable...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Shill Bidding Prevention in Decentralized Auctions Using Smart Contracts

In online auctions, fraudulent behaviors such as shill bidding pose significant risks. This paper presents a conceptual framework that applies dynamic, behavior-based penalties to deter auction fraud using blockchain smart contracts. Unlike traditional post-auction detection methods, this approac...

6.7AI score
Exploits0
Rows per page
Query Builder