38 matches found
CVE-2026-44222
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders
vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Summary This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...
CVE-2025-27004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Galler...
EUVD-2024-52528
Malicious code in bioql PyPI...
EUVD-2025-3301
Malicious code in bioql PyPI...
EUVD-2023-35147
Malicious code in bioql PyPI...
EUVD-2023-59675
Malicious code in bioql PyPI...
CVE-2024-54408
Cross-Site Request Forgery CSRF vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through = 1.9...
CVE-2023-30785
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Video Grid plugin = 1.21 versions...
CVE-2025-23634
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through = 1.9...
CVE-2025-23634
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through = 1.9...
CVE-2025-23634
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through = 1.9...
CVE-2025-23634 WordPress Youtube Video Grid plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through = 1.9...
CVE-2025-23634
CVE-2025-23634 is a Reflected XSS in the WordPress plugin Youmax (notFound Youtube Video Grid) affecting versions up to 1.9. The vulnerability originates from improper input neutralization during web page generation, enabling reflected script execution. Public references in the dataset (NVD/NVD m...
PT-2025-4990 · Unknown · Notfound Youtube Video Grid
Name of the Vulnerable Software and Affected Versions: NotFound Youtube Video Grid versions 1.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting XSS. This means an attacker can inject...
WordPress plugin Youtube Video Grid 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Youtube Video Grid plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Youtube Video Grid versions = 1.9...
CVE-2024-54408
Cross-Site Request Forgery CSRF vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through = 1.9...