Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1768 matches found

NVD
NVDadded 2 days ago6 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00142EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2 days ago3 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS5.8AI score0.00142EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2 days ago21 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00142EPSS
Exploits0References4
CVE
CVEadded 2 days ago21 views

CVE-2026-47155

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

6.5CVSS5.8AI score0.00142EPSS
Exploits0References4
OSV
OSVadded 2026/06/11 9:47 p.m.4 views

MINI-RJP8-XC83-R6HQ

Bulletin has no description...

6.1CVSS5.2AI score0.00188EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2026/06/10 5:11 p.m.8 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00142EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/06/10 5:11 p.m.8 views

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00142EPSS
Exploits0References2
Snyk
Snykadded 2026/06/10 5:11 p.m.4 views

Use of Incorrectly-Resolved Name or Reference

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference through several model loading paths. An attacker can make the server load a different Hugging Face...

6.5CVSS5.5AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/10 8:59 a.m.11 views

CVE-2026-34905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 8:59 a.m.12 views

CVE-2026-25699

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/10 12:0 a.m.9 views

PT-2026-48537

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

6.5CVSS5.8AI score0.00142EPSS
Exploits0References9
Snyk
Snykadded 2026/06/09 10:23 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snykadded 2026/06/09 10:23 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snykadded 2026/06/09 10:23 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snykadded 2026/06/09 10:23 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
CVE
CVEadded 2026/06/09 7:35 a.m.24 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/09 7:35 a.m.5 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

5.4AI score0.00325EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/09 7:35 a.m.8 views

EUVD-2026-35372

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/09 7:33 a.m.12 views

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00406EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/09 7:33 a.m.4 views

CVE-2026-25699 Apache Answer: Authorization Bypass in Timeline API

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

5.4AI score0.00406EPSS
Exploits0References1
Rows per page
Query Builder