Lucene search
K

5 matches found

OSV
OSV
added 2025/05/28 12:0 a.m.1 views

UBUNTU-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS5.8AI score0.00235EPSS
Exploits0References4
Veracode
Veracode
added 2025/05/08 3:1 a.m.8 views

Remote Code Execution (RCE)

vLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network interfaces, allows insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network...

10CVSS7.3AI score0.01478EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2025/04/30 12:41 a.m.3 views

Deserialization of Untrusted Data

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Mooncake integration. An attacker can execute arbitrary code by sending malicious payloads to a pickle base...

10CVSS7.8AI score0.01478EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/04/29 2:52 p.m.16 views

vLLM Vulnerable to Remote Code Execution via Mooncake Integration

Impacted Deployments Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable. Description vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were...

10CVSS7.7AI score0.01478EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/04/29 2:52 p.m.0 views

GHSA-HJ4W-HM2G-P6W5 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

Impacted Deployments Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable. Description vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were...

10CVSS7.7AI score0.01478EPSS
Exploits1References7
Rows per page
Query Builder