Lucene search
K

146 matches found

OSV
OSV
added 2026/06/29 8:17 p.m.6 views

UBUNTU-CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString XS.xs inspects the previous token's last byte to choose between a regexp literal and a...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:29 a.m.8 views

Malicious code in tokenization-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/25 5:29 a.m.5 views

MAL-2026-6440 Malicious code in tokenization-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/22 4:56 p.m.2 views

CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS5.9AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

8.8CVSS6.3AI score0.00224EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.62 views

MalwarePT: A Binary-Level Foundation Model for Malware Analysis

Automated malware analysis increasingly relies on machine learning, yet most existing methods remain task-specific and depend on handcrafted features or narrowly scoped models. Recent developments in binary-level foundation models suggest a path toward reusable program representations, but their...

5.9AI score
Exploits0
CVE
CVE
added 2026/03/19 10:1 p.m.10 views

CVE-2026-30873

CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...

4.9CVSS5.7AI score0.00515EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:1 p.m.7 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS5.7AI score0.00515EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/09 7:54 p.m.13 views

OpenClaw: system.run allow-always persistence included shell-commented payload tails

OpenClaw's system.run allowlist analysis did not honor POSIX shell comment semantics when deriving allow-always persistence entries. A caller in security=allowlist mode who received an allow-always decision could submit a shell command whose tail was commented out at runtime, for example by using...

5.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/09 7:54 p.m.5 views

GHSA-9Q2P-VC84-2RWM OpenClaw: system.run allow-always persistence included shell-commented payload tails

OpenClaw's system.run allowlist analysis did not honor POSIX shell comment semantics when deriving allow-always persistence entries. A caller in security=allowlist mode who received an allow-always decision could submit a shell command whose tail was commented out at runtime, for example by using...

5CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 12:14 a.m.24 views

CVE-2026-21900 CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in...

8.2CVSS0.00514EPSS
Exploits1References3
HackRead
HackRead
added 2025/12/19 11:42 a.m.11 views

The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure

Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale...

7AI score
Exploits0
Snyk
Snyk
added 2025/12/16 10:32 p.m.14 views

Malicious Package

Overview tokenization-lab is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2025/11/21 2:15 a.m.11 views

CVE-2025-62426

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS0.00326EPSS
Exploits0References5
CVE
CVE
added 2025/11/21 1:21 a.m.20 views

CVE-2025-62426

Summary: CVE-2025-62426 affects vLLM up to versions before 0.11.1. The /v1/chat/completions and /tokenize endpoints accept a chat_template_kwargs parameter that is used before validation, allowing an attacker to block the API server by forcing large tokenization tasks and delaying all other reque...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/11/21 1:21 a.m.14 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS0.00326EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/21 1:21 a.m.9 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/21 1:21 a.m.5 views

EUVD-2025-198356

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS6.6AI score0.00326EPSS
Exploits0References6
OSV
OSV
added 2025/11/21 1:21 a.m.6 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS7AI score0.00326EPSS
Exploits0References7
OSV
OSV
added 2025/11/20 9:26 p.m.1 views

GHSA-69J4-GRXJ-J64P vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

6.5CVSS6.1AI score0.00326EPSS
Exploits0References7
Rows per page
Query Builder