Lucene search
K

5 matches found

OSV
OSV
added 2026/02/02 5:43 p.m.4 views

GHSA-4R2X-XPJR-7CVV vLLM has RCE In Video Processing

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS6.6AI score0.03816EPSS
Exploits0References6
OSV
OSV
added 2026/01/27 10:1 p.m.4 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-10873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A...

8.8CVSS7.8AI score0.03934EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.5 views

PT-2024-35954 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...

8.7CVSS6.9AI score0.00448EPSS
Exploits0References10
CNVD
CNVD
added 2018/08/21 12:0 a.m.1 views

Red Hat SPICE Denial of Service Vulnerability

Red Hat SPICE is an adaptive telepresence open-source protocol used by Red Hat's Enterprise Virtualized Desktop Edition to connect users to their virtual desktops, providing the exact same end-user experience as a physical desktop. A denial-of-service vulnerability exists in Red Hat SPICE version...

8.8CVSS7.8AI score0.03934EPSS
Exploits0References1
Rows per page
Query Builder