CVE-2026-49121

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

JLSEC-2026-514

An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...

Exploit for Integer Overflow or Wraparound in Zeromq Libzmq

CVE-2019-6250 — libzmq pre-auth RCE lab !CVEhttps://img.s...

ML Defender (ARGus NDR): An Open-Source Embedded ML NIDS for Botnet and Anomalous Traffic Detection in Resource-Constrained Organizations

Ransomware and DDoS attacks disproportionately impact hospitals, schools, and small organizations that cannot afford enterprise security solutions. We present ML Defender aRGus NDR, an open-source network intrusion detection system built in C++20, deployable on commodity hardware at approximately...

EUVD-2026-11557

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability that stems from the multi-modal generation module deserializing unvalidated data through the ZMQ proxy, potentially allowing remote code...

PT-2026-24941

Name of the Vulnerable Software and Affected Versions SGLang affected versions not specified Description The SGLang multimodal generation module is susceptible to unauthenticated remote code execution. This occurs through the ZMQ broker, which deserializes untrusted data using the pickle.loads...

CVE-2025-10975

A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoningserver::runreasoningserver of the file experiments/robot/bridge/reasoningserver.py of the component ZeroMQ. Performing manipulati...

CVE-2025-10772 huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

Linux Distros Unpatched Vulnerability : CVE-2016-8598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the zmq interface in cspifzmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute...

GHSA-9F8F-2VMF-885J Data exposure via ZeroMQ on multi-node vLLM deployment

Impact In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...

SUSE CVE-2014-7203

libzmq aka ZeroMQ/C++ 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors...

SUSE CVE-2021-20235

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server...

UBUNTU-CVE-2021-20234

An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...

ZeroMQ Denial of Service Vulnerability

ZeroMQ is a lightweight distributed messaging engine core library . A security vulnerability exists in versions prior to ZeroMQ 4.3.1-4+deb10u2. The vulnerability originates from a remote unauthenticated client running using the libzmq library to connect to an application and can be exploited by ...

CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due...

PT-2017-4282 · Rsyslog +1 · Rsyslog +1

Name of the Vulnerable Software and Affected Versions: Rsyslog versions prior to 8.28.0 Description: The issue is related to insufficient processing of format strings in the input/output modules of the Rsyslog utility for log processing. Exploitation of this issue could allow a remote attacker to...

ALPINE-CVE-2016-7938

The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1printframe...