Lucene search
K

797 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.2

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

8CVSS7.1AI score0.0032EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago7 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Tech Preview Release Of the Go based Model Transparency CLI

The Tech Preview release of the Go based RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The Go based RHTAS Model Transparency CLI image can be used to sign and verify AI/M...

9.1CVSS6.8AI score0.00533EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41207

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 11:16 p.m.6 views

CVE-2026-14440

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS0.00135EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:35 p.m.9 views

CVE-2026-14440

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/01 7:57 p.m.11 views

sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 7:57 p.m.3 views

GHSA-XGJW-PM74-86Q4 sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55205

Name of the Vulnerable Software and Affected Versions sigstore-js versions prior to 3.1.1 Description The @sigstore/verify library incorrectly derives a transparency-log timestamp from the tlogEntries.integratedTime variable for bundle v0.2 inclusionProof-only entries. Because the inclusion proof...

6.5CVSS6.1AI score
Exploits0References7
Oracle linux
Oracle linux
added 2026/06/23 12:0 a.m.6 views

libpng15 security update

1.5.30-15.1 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161449 1.5.30-15 - fix CVE-2026-25646: heap buffer overflow in pngsetquantize RHEL-148412...

7.5CVSS6.5AI score0.01052EPSS
Exploits2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37645

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 2:2 p.m.8 views

GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8CVSS5.3AI score0.00239EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/17 2:2 p.m.20 views

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:7 a.m.35 views

CVE-2026-12491

CVE-2026-12491 affects the vLLM library used for LLM inference. The issue stems from improper handling of image metadata during image processing, specifically EXIF orientation and PNG transparency (tRNS). When converting images to RGB, transparency information may be discarded or remapped, causin...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 10:7 a.m.35 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 10:7 a.m.4 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/17 10:7 a.m.6 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/17 10:7 a.m.4 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/17 10:7 a.m.13 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.3AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50278

Name of the Vulnerable Software and Affected Versions vLLM affected versions not specified Description An issue exists in the image processing logic where image metadata is improperly handled. Specifically, the software fails to call ImageOps.exif transpose to normalize EXIF orientation, causing...

4.8CVSS6.1AI score0.00239EPSS
Exploits0References13
Rows per page
Query Builder