CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

797 matches found

CVE•added 2026/05/12 7:58 p.m.•15 views

CVE-2026-44223

vLLM contains a vulnerability (CVE-2026-44223) where the extract_hidden_states speculative decoding pathway can crash the EngineCore process if any request uses penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). The issue arises from an incorrect tensor shape after t...

6.5CVSS5.8AI score0.00367EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/12 6:30 p.m.•8 views

EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00497EPSS

Exploits0References3

NVD•added 2026/05/12 6:16 p.m.•8 views

CVE-2026-31230

9.8CVSS0.00497EPSS

Exploits0References2

Cvelist•added 2026/05/12 12:0 a.m.•30 views

CVE-2026-31230

0.00497EPSS

Exploits0References2

CVE•added 2026/05/12 12:0 a.m.•19 views

CVE-2026-31230

The CVE-2026-31230 vulnerability concerns the Adversarial Robustness Toolbox (ART) up to v1.20.1, specifically in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The issue arises from using unsafe eval() to parse string values passed via --clip_values and --input_shape, enabling a...

9.8CVSS6.3AI score0.00497EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 12:0 a.m.•4 views

CVE-2026-31230

6.3AI score0.00497EPSS

Exploits0References2

OSV•added 2026/05/08 3:16 p.m.•3 views

UBUNTU-CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

7.8CVSS5.7AI score0.00099EPSS

Exploits0References6

Github Security Blog•added 2026/05/06 11:9 p.m.•5 views

Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

7.5CVSS6.8AI score0.00364EPSS

Exploits3References8Affected Software1

Github Security Blog•added 2026/05/06 9:45 p.m.•6 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•8 views

PT-2026-38288

Name of the Vulnerable Software and Affected Versions vLLM versions 0.18.0 through 0.19.1 Description The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...

6.5CVSS5.8AI score0.00367EPSS

Exploits0References5

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace the fake VLA at the end of vbvamousepointershape with a real VLA. Replace the fake VLA at the end of the vbvamousepointershape structure with a real VLA to fix a “memcpy: detected field-spanning write error...

5.5CVSS6.3AI score0.00252EPSS

Exploits0References2

Snyk•added 2026/05/01 5:33 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the TShape process. An attacker can cause the application to crash or become unresponsive by submitting a specially crafted VRML file that triggers dereference of a corrupt or unvalidated pointer during shape...

7.5CVSS5.8AI score0.00219EPSS

Exploits0References2

OSV•added 2026/05/01 3:16 p.m.•3 views

DEBIAN-CVE-2026-42478

An issue was discovered in VrmlDataIndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointe...

7.5CVSS5.8AI score0.00219EPSS

Exploits0References1

OSV•added 2026/04/29 12:10 a.m.•1 views

OSV-2026-649 Container-overflow in OGRGeometryFactory::organizePolygons

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506932597 Crash type: Container-overflow WRITE 1 Crash state: OGRGeometryFactory::organizePolygons OGRCreateFromShapeBin OpenFileGDB::FileGDBOGRGeometryConverterImpl::CreateCurveGeometry...

5.3AI score

Exploits0References1

Packet Storm•added 2026/04/23 12:0 a.m.•74 views

📄 Keras 3.13.0 HDF5 Shape Bomb Denial of Service

This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras model archives containing artificially declared extremely large tensor shapes designed to force excessive memory allocation during...

7.5CVSS6.5AI score0.00364EPSS

Exploits3

Packet Storm•added 2026/04/23 12:0 a.m.•83 views

📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb

This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...

7.5CVSS6.5AI score0.00364EPSS

Exploits3

Packet Storm News•added 2026/04/23 12:0 a.m.•5 views

Keras 3.13.0 HDF5 Shape Fuzzing for Robustness Testing

This script performs fuzz testing against Keras version 3.13.0 on randomly generated tensor shapes using NumPy and HDF5 to evaluate stability and error handling in file creation workflows...

5.8AI score

Exploits0

RedhatCVE•added 2026/04/22 10:58 a.m.•3 views

CVE-2026-40906

A flaw was found in ElectricSQL, a Postgres sync engine. An authenticated user could exploit an error-based SQL injection vulnerability in the /v1/shape API's orderby parameter. This flaw allows an attacker to read, write, and destroy the full contents of the underlying PostgreSQL database. Such ...

9.9CVSS5.8AI score0.00405EPSS

Exploits1References5

Cvelist•added 2026/04/21 8:5 p.m.•28 views

CVE-2026-40906 Electric: SQL Injection via ORDER BY Parameter in Shape API

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the orderby parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted...

9.9CVSS0.00405EPSS

Exploits1References2

EUVD•added 2026/04/21 8:5 p.m.•3 views

EUVD-2026-24475

9.9CVSS5.8AI score0.00405EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by