Lucene search
+L

102 matches found

fedora
fedora
added 5 days ago7 views

[SECURITY] Fedora 44 Update: python-pillow-12.3.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

7.5CVSS6.1AI score0.00364EPSS
Exploits5
vulnrichment
vulnrichment
added 2026/06/22 10:9 p.m.4 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS5.9AI score0.03816EPSS
Exploits1References3
osv
osv
added 2026/06/22 10:9 p.m.4 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS6AI score0.00796EPSS
Exploits1References5
github
github
added 2026/06/17 2:4 p.m.25 views

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

9.8CVSS6.8AI score0.03816EPSS
Exploits1References4Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.5AI score0.00075EPSS
Exploits0References1
nvd
nvd
added 2026/06/04 11:16 a.m.15 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS0.00075EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/04 11:0 a.m.7 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/06/04 11:0 a.m.4 views

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

2CVSS4.8AI score0.00075EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.10 views

ModelScope 安全漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
snyk
snyk
added 2026/06/03 9:15 p.m.9 views

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

8.1CVSS5.5AI score0.0004EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/02 10:2 p.m.15 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References1
nvd
nvd
added 2026/05/05 4:16 p.m.25 views

CVE-2026-7845

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS0.0014EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/05/05 3:45 p.m.14 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS5.1AI score0.0014EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/05 3:45 p.m.56 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS0.0014EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.12 views

PT-2026-37082

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description A flaw in the Vision Chat Paste Image Handler component allows for the use of a weak hash. This occurs during the manipulation of the paste image.image data argument within the...

2.6CVSS6AI score0.0014EPSS
Exploits0References13
cve
cve
added 2026/03/11 10:2 p.m.51 views

CVE-2026-3961

CVE-2026-3961 affects the zyddnys manga-image-translator project up to beta-0.3. The vulnerability lies in the function to_pil_image in manga-image-translator-main/server/request_extraction.py of the Translate Endpoints, where input handling allows server-side request forgery. The issue enables r...

6.5CVSS5.5AI score0.00251EPSS
Exploits0References12
osv
osv
added 2026/03/11 10:2 p.m.10 views

CVE-2026-3961 zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgery

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

5.3CVSS6.2AI score0.00251EPSS
Exploits0References14
cvelist
cvelist
added 2026/02/02 9:9 p.m.43 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.03816EPSS
Exploits0References4
github
github
added 2026/02/02 5:43 p.m.20 views

vLLM has RCE In Video Processing

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS6.4AI score0.03816EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0040

Malware in sbrugna...

5CVSS6.7AI score0.03587EPSS
Exploits0References15
Rows per page
Query Builder