
50 matches found

Positive Technologies
added 2026/05/14 12:0 a.m., 4 views

PT-2026-40970

Summary: Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

CVSS 8.7, AI score 5.9, EPSS 0.00088
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/24 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2...

CVSS 9.1, AI score 6.8, EPSS 0.0002
Exploits: 1, References: 4
CNNVD
added 2026/03/06 12:0 a.m., 2 views

orpc security vulnerability

orpc is an open-source RPC and OpenAPI integration framework developed by middleapi. Versions of oRPC prior to 1.13.6 contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the RPC JSON deserializer of the @orpc/client package. This could allow unauthenticat...

CVSS 9.8, AI score 6.3, EPSS 0.00871
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-6745

Malware in sbrugna...

CVSS 8.1, AI score 8.1, EPSS 0.00265
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27574

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00044
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-0286

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00936
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2573

Malicious code in bioql PyPI...

CVSS 10, AI score 8.5, EPSS 0.03195
Exploits: 0, References: 5
RedhatCVE
added 2025/03/22 12:38 p.m., 6 views

CVE-2024-7804

A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

CVSS 2.6, AI score 9.4
Exploits: 0, References: 4
OSV
added 2025/03/20 12:32 p.m., 0 views

GHSA-4VMG-RW8F-92F9 Withdrawn Advisory: PyTorch deserialization vulnerability

Withdrawn Advisory: This advisory has been withdrawn because it describes known functionality of PyTorch. This link is maintained to preserve external references. Original Description: A deserialization vulnerability exists in the Pytorch RPC framework torch.distributed.rpc in pytorch/pytorch...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 4
Cvelist
added 2025/03/20 10:11 a.m., 34 views

CVE-2024-7804

...

Exploits: 0
RedHat Linux
added 2024/12/03 4:21 p.m., 3 views

gRPC: sensitive information disclosure

A flaw was found in gRPC. This flaw allows a remote attacker to obtain sensitive information, caused by a flaw when the gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker can obtain sensitive information, and use this information to launch...

CVSS 7.5, AI score 7.4, EPSS 0.00075
Exploits: 0, References: 5
OSV
added 2024/08/06 11:16 a.m., 0 views

AZL-47442 CVE-2024-7246 affecting package grpc for versions less than 1.62.3-1

It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the...

CVSS 6.3, AI score 6.6, EPSS 0.00038
Exploits: 1, References: 1
Snyk
added 2024/08/06 10:54 a.m., 2 views

Expected Behavior Violation

Overview: Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...

CVSS 6.3, AI score 6.9, EPSS 0.00038
Exploits: 1, References: 2
OSV
added 2024/08/05 9:29 p.m., 20 views

GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 9.5, AI score 9.8, EPSS 0.03195
Exploits: 0, References: 4
CNNVD
added 2024/06/10 12:0 a.m., 2 views

gRPC Security Vulnerabilities

gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC versions prior to 1.10.9, 1.9.15, and 1.8.22, which stems from the ability to allocate memory far beyond the configuration limit for incoming messages...

CVSS 5.3, AI score 6.8, EPSS 0.00283
Exploits: 0, References: 5
UbuntuCve
added 2024/06/06 7:16 p.m., 60 views

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.7
Exploits: 0, References: 2
CVE
added 2024/06/06 6:17 p.m., 87 views

CVE-2024-5480

CVE-2024-5480 is a valid vulnerability describing a remote code execution in PyTorch’s torch.distributed.rpc framework prior to version 2.2.2. Red Hat’s entry details an RCE arising when a worker serializes and sends a PythonUDF to the master and the master deserializes/executes it without proper...

AI score 8.6
Exploits: 0
Debian CVE
added 2024/06/06 6:17 p.m., 16 views

CVE-2024-5480

Removed by vendor...

AI score 6.7
Exploits: 0
NVD
added 2024/03/06 7:15 p.m., 6 views

CVE-2024-27302

go-zero is a web and rpc framework. Go-zero allows users to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

CVSS 9.1, AI score 9.1, EPSS 0.00324
Exploits: 2, References: 2
CVE
added 2024/03/06 6:31 p.m., 61 views

CVE-2024-27302

Go-zero (web/RPC framework) contains a CORS Filter vulnerability where isOriginAllowed uses strings.HasSuffix, enabling bypass by a malicious domain. This can break the CORS policy and allow a page to make requests or retrieve data on behalf of other users. The issue affects the configurable allo...

CVSS 9.1, AI score 9, EPSS 0.00324
Exploits: 2, References: 2, Affected Software: 1