CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

EUVD-2024-2764

Malicious code in bioql PyPI...

RLSA-2024:5524 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

CVE-2025-46560

CVE-2025-46560 affects vLLM 0.8.0–0.8.4, where the multimodal tokenizer’s input preprocessing uses placeholder tokens replaced by repeated tokens. The replacement logic relies on inefficient list concatenation, yielding quadratic time complexity (O(n²)) and enabling resource exhaustion via crafte...

GHSA-VC6M-HM49-G9QG phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the...

phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the...

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798

Summary path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...

python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

Design/Logic Flaw

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance...

Markdown-It 资源管理错误漏洞

Markdown-It is a Markdown parser. A security vulnerability exists in Markdown-It, which originates from Markdown-It is a Markdown parser. Prior to version 1.3.2, special patterns greater than 50,000 characters in length significantly slowed down the parser. Users should upgrade to version 12.3.2 ...