37 matches found
CVE-2026-34034 Coolify: Host RCE via Sentinel token injection
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...
CVE-2026-34034 Coolify: Host RCE via Sentinel token injection
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...
EUVD-2026-41556
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-4629
CVE-2026-4629 affects Keycloak. A highly privileged user with the ability to manage clients can inject a hardcoded role mapper into any client, bypassing scope restrictions and injecting the realm-admin role into generated tokens, yielding full administrative access to the realm. The vulnerabilit...
CVE-2026-44222
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from administrators with limited client management privileges being able to exploit the loophole in the fine-grained administrator...
CVE-2026-44222
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
CVE-2026-44222
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
vLLM 输入验证错误漏洞
vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...
External Secrets 授权问题漏洞
External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of the External Secrets Operator prior to 2.4.1 had an authorization issue vulnerability. This vulnerability stemmed from the ability for users to create ExternalSecret resources, allowing...
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Summary This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...
GHSA-HPV8-X276-M59F vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Summary This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...
PT-2026-37318
Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.1 through 0.19.x Description A Token Injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video...
PT-2026-37178
Name of the Vulnerable Software and Affected Versions Roadiz versions prior to 2.3.43 Roadiz versions prior to 2.5.45 Roadiz versions prior to 2.6.31 Roadiz versions prior to 2.7.18 Description The roadiz/openid package fails to properly implement the OIDC nonce validation process. While the...
GHSA-Q93Q-V844-JRQP kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token
kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount tok...
kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token
kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount tok...
SUSE CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
Improper Neutralization of Special Elements in Data Query Logic
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token field in the password reset and email...
EUVD-2026-10552
Parse Server has a NoSQL injection via token type in password reset and email verification endpoints...