94 matches found
granian 输入验证错误漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...
OpenVPN -- server DOS and data leak in TLS handshake vulnerabilities
Gert Doering reports: Security fixes in 2.7.2 fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances CVE-2026-40215 fix server termination on receiving a suitably malformed packet with a valid tls-crypt-v2 key...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
UBUNTU-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...
PT-2026-28629
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet, an open-source device management software, contains a flaw in its gRPC Launcher endpoint. An authenticated host can exploit this to cause a denial-of-service condition, leading to the terminati...
CVE-2026-3119
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
CVE-2026-29771
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart...
Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint
The /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals...
EUVD-2026-1865
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions...
PYSEC-2026-143
vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
CVE-2026-22773
vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
PYSEC-2026-143
vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
CVE-2026-22773 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
vLLM 安全漏洞
vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in vLLM version 0.6.4 up to and including version 0.12.0, which stems from the fact that sending specially crafted 1x1 pixel images results in a tensor dimension...
PT-2026-2260
Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.4 through 0.11.9 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models that utilize the Idefics3 vision model implementatio...
EUVD-2008-6665
Malware in sbrugna...