7 matches found

Veracode
added 2025/12/13 7:29 a.m. | 4 views

Remote Code Execution

SGLang is vulnerable to Remote Code Execution. The vulnerability is due to the manipulation of the argument serialized_named_tensors, where the function main of the file /update_weights_from_tensor results in deserialization, and attackers can launch the attack remotely by exploiting this vulnerabilit...

7.5 CVSS | 5.7 AI score | 0.00376 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2025/09/09 9:30 p.m. | 5 views

SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5 CVSS | 7.4 AI score | 0.00376 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2025/09/09 7:44 p.m. | 4 views

Deserialization of Untrusted Data

Overview: sglang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the main function in the /update_weights_from_tensor process in...

7.5 CVSS | 7.7 AI score | 0.00376 EPSS
Exploits: 0 | References: 2

CVE
added 2025/09/09 6:32 p.m. | 18 views

CVE-2025-10164

CVE-2025-10164 affects lmsys sglang 0.4.6. The vulnerability is in the main function of the file /update_weights_from_tensor, where manipulation of the serialized_named_tensors input enables deserialization, allowing remote exploitation. Public exploits exist and the vendor was unresponsive. Publ...

7.5 CVSS | 6.5 AI score | 0.00376 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/09/09 12:0 a.m. | 2 views

LMSYS SGLang Code Issue Vulnerability

LMSYS SGLang is a large language model inference engine from LMSYS open source. A code issue vulnerability exists in LMSYS SGLang version 0.4.6, which stems from a misbehavior of the parameter serialized_named_tensors of the function main in the file /update_weights_from_tensor resulting in...

7.5 CVSS | 7.4 AI score | 0.00376 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/09 12:0 a.m. | 13 views

PT-2025-36911

Name of the Vulnerable Software and Affected Versions: lmsys sglang version 0.4.6. Description: A security flaw exists in lmsys sglang version 0.4.6. The issue involves the main function within the /update_weights_from_tensor file, which is susceptible to deserialization due to manipulation of the...

7.5 CVSS | 7.2 AI score | 0.00376 EPSS
Exploits: 0 | References: 9

NVD
added 2020/09/25 7:15 p.m. | 16 views

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

9.9 CVSS | 0.00891 EPSS
Exploits: 1 | References: 3