32 matches found
CVE-2026-36189
Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function, tokenize_cleanup function, uncrustify...
EUVD-2026-31287
Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function, tokenize_cleanup function, uncrustify...
CVE-2026-36189
CVE-2026-36189 affects Uncrustify: in Uncrustify_d-0.82.0-132-bcc41cbdc, a buffer overflow in the check_template.cpp/check_template and tokenize_cleanup functions could allow a local attacker to cause a denial of service. The issue has been fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc...
Uncrustify Security Vulnerability
Uncrustify is an open-source multi-language source code formatting tool developed by uncrustify. The version Uncrustify_d-0.82.0-132-bcc41cbdc contains security vulnerabilities. These vulnerabilities stem from buffer overflows in the check_template.cpp file, the check_template function, th...
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Summary: dasel's selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as r/abc. A 2-byte input r/ is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8 a...
Use of NullPointerException Catch to Detect NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to Use of NullPointerException Catch to Detect NULL Pointer Dereference in the MultimodalTokenize function that improperly processes NULL from mtmd_helper_bitmap_init_from_buf function of vendored llama.cpp. An attacker can cause the applicatio...
CVE-2025-62426
A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chat_template_kwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Summary: The /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long...
PT-2025-47650
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.5.5 through 0.11.0. Description: vLLM is an inference and serving engine for large language models (LLMs). The /v1/chat/completions and /tokenize API endpoints accept a chat_template_kwargs request parameter that is not properly...
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service
...
Linux Distros Unpatched Vulnerability : CVE-2017-11548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file...
Malicious code in tokenize-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bf2139d8e0c1fd0cc2a5999a43ea8e49dce3b4cfdc1945fab3c8f5160851e1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12158 Malicious code in tokenize-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bf2139d8e0c1fd0cc2a5999a43ea8e49dce3b4cfdc1945fab3c8f5160851e1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2018-8881
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string...
OESA-2022-1877 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
PYSEC-2021-859
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
UBUNTU-CVE-2021-43854
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
Vested NFT not always minted
Handle: cmichel. Vulnerability details: The FSDVesting.claimVestedTokens function tokenizes the conviction only if the current claimed amount tokenClaim equals the total vested amount amount. // tokenClaim is vestedAmount - totalClaimed uint256 tokenClaim = calculateVestingClaim; if amount ==...
Insufficient Session Expiration in @cyyynthia/tokenize
Impact: A bug introduced in version 1.1.0 made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the lastTokenReset field. Patches: Version 1.1.3 contains a patch that'll invalidate these faulty tokens and mak...
Netwide Assembler Heap Buffer Over-Read Vulnerability
Netwide Assembler (NASM) is a portable, modular 80x86 and x86-64 assembler. A heap buffer over-read vulnerability exists in the tokenize function in asm/preproc.c in Netwide Assembler (NASM) 2.13.02rc2, for which there is currently no detailed vulnerability description...