Lucene search
K

304 matches found

Vulnrichment
Vulnrichment
added 2025/06/24 3:21 a.m.3 views

CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size comparison. Allowing...

8.6CVSS7.3AI score0.00318EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/24 3:21 a.m.10 views

CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size comparison. Allowing...

8.6CVSS0.00318EPSS
Exploits1References2
OSV
OSV
added 2025/06/24 3:21 a.m.7 views

CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size comparison. Allowing...

8.6CVSS6.7AI score0.00318EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.3 views

llama.cpp 安全漏洞

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5721, which stems from the presence of signed and unsigned integer overflows in the tokenizer implementation, which could lead to a heap overflow...

8.8CVSS6.4AI score0.00318EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/06/19 12:0 a.m.3 views

Watermarking Autoregressive Image Generation

Watermarking the outputs of generative models has emerged as a promising approach for tracking their provenance. Despite significant interest in autoregressive image generation models and their potential for misuse, no prior work has attempted to watermark their outputs at the token level. In thi...

6.9AI score
Exploits0
Huntr
Huntr
added 2025/06/18 1:10 p.m.7 views

Path Traversal in Tokenizer Conversion Script

The script for converting slow tokenizers is vulnerable to a Path Traversal attack via the --checkpointname command-line argument. This allows an attacker to create files outside of the intended dumppath directory. Vulnerable Code Location: The vulnerability is located in the logic for converting...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/18 12:0 a.m.4 views

Rubber Mallet: a Study of High Frequency Localized Bit Flips and Their Impact on Security

The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses...

7.6AI score
Exploits0
Huntr
Huntr
added 2025/06/14 10:45 a.m.8 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...

7.5CVSS6.2AI score0.00483EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.2 views

Amazon Linux 2023 : ecs-init (ALAS2023-2025-1011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1011 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly bei...

6.5CVSS7.2AI score0.0045EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/11 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS7.2AI score0.0045EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS7.7AI score0.0045EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS9.6AI score0.0045EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/09 12:0 a.m.4 views

GradEscape: a Gradient-Based Evader against AI-Generated Text Detectors

In this paper, we introduce GradEscape, the first gradient-based evader designed to attack AI-generated text AIGT detectors. GradEscape overcomes the undifferentiable computation problem, caused by the discrete nature of text, by introducing a novel approach to construct weighted embeddings for t...

6.9AI score
Exploits0
Amazon
Amazon
added 2025/06/02 12:0 a.m.13 views

Important: soci-snapshotter

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.6AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/02 12:0 a.m.13 views

Important: nerdctl

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.6AI score0.00724EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.11 views

Amazon Linux 2 : nerdctl (ALAS-2025-2863)

The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

9.1CVSS7.3AI score0.00724EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.3 views

CBL Mariner 2.0 Security Update: cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin (CVE-2025-22872)

The version of cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device- plugin installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22872 advisory. - The...

6.5CVSS7.3AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2025/04/30 1:15 a.m.34 views

CVE-2025-46560

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

7.5CVSS0.00426EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/30 12:24 a.m.44 views

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

6.5CVSS0.00426EPSS
Exploits1References2
OSV
OSV
added 2025/04/30 12:24 a.m.3 views

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

6.5CVSS6.3AI score0.00426EPSS
Exploits1References4
Rows per page
Query Builder