CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.1AI score0.00172EPSS

Exploits0References2

OSV•added 2025/08/11 1:51 p.m.•2 views

BIT-LIBPYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.5CVSS6.5AI score0.00384EPSS

Exploits0References30

Packet Storm News•added 2025/05/19 12:0 a.m.•2 views

Outsourced Privacy-Preserving Feature Selection Based on Fully Homomorphic Encryption

Feature selection is a technique that extracts a meaningful subset from a set of features in training data. When the training data is large-scale, appropriate feature selection enables the removal of redundant features, which can improve generalization performance, accelerate the training process...

6.6AI score

Exploits0

Veracode•added 2025/05/14 3:12 a.m.•6 views

Denial Of Service (DoS)

vllm is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient list concatenation operations and also dynamic replacement of placeholder tokens with repeated tokens based on precomputed lengths, allowing an attacker to trigger resource exhaustion by exploiting the quadrati...

7.5CVSS6.6AI score0.00574EPSS

Exploits1References4Affected Software1

Cvelist•added 2025/04/30 12:24 a.m.•23 views

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

6.5CVSS0.00574EPSS

Exploits1References2

OSV•added 2025/04/29 4:43 p.m.•0 views

GHSA-VC6M-HM49-G9QG phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...

6.5CVSS6.5AI score0.00574EPSS

Exploits1References4

Github Security Blog•added 2025/04/29 4:43 p.m.•15 views

phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

7.5CVSS6.9AI score0.00574EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2025/03/22 11:9 a.m.•4 views

CVE-2024-8763

A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...

7.5CVSS6.8AI score0.0042EPSS

Exploits1References1

Github Security Blog•added 2025/03/20 12:32 p.m.•14 views

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...

7.5CVSS6.6AI score0.00228EPSS

Exploits0References4Affected Software1