29 matches found
CVE-2026-49121
CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
EUVD-2016-9445
Malware in sbrugna...
EUVD-2025-6725
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
vLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization exposed over ZMQ/TCP on all network interfaces when vLLM is configured to use Mooncake, allowing an attacker to execute arbitrary code on distributed hosts...
GHSA-X3M8-F7G5-QHM7 vLLM Allows Remote Code Execution via Mooncake Integration
Summary: When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP will allow attackers to execute remote code on distributed hosts. Details: 1. Pickle deserialization vulnerabilities are well documented. 2. The mooncake pipe is exposed over the network by design...
CVE-2025-29783 vLLM Allows Remote Code Execution via Mooncake Integration
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code...
MAL-2024-10322 Malicious code in appdynamics-zmq (npm)
Source: ghsa-malware edeecacb7e2c621f176ceac58920c72b087125f97bcad07341fc773c2b75ccc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2020-36400
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235...
Malicious Package
Overview: appdynamics-zmq is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
CVE-2020-36400
CVE-2020-36400 affects ZeroMQ libzmq 4.3.3 and is a heap-based buffer overflow in zmq::tcp_read. Connected sources describe a remote, unauthenticated attacker triggering a buffer overflow on the zeromq server when receiving crafted input, potentially impacting availability, data integrity, and co...
OSV-2020-1887 Heap-buffer-overflow in zmq::tcp_read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042 Crash type: Heap-buffer-overflow WRITE Crash state: zmq::tcp_read zmq::stream_engine_base_t::read zmq::stream_engine_base_t::in_event_internal...
OSV-2020-910 Use-of-uninitialized-value in zmq::stream_engine_base_t::out_event
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24200 Crash type: Use-of-uninitialized-value Crash state: zmq::stream_engine_base_t::out_event zmq::epoll_t::loop zmq::worker_poller_base_t::worker_routine...
OSV-2020-784 Bad-cast to zmq::session_base_t from invalid vptr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24018 Crash type: Bad-cast Crash state: Bad-cast to zmq::session_base_t from invalid vptr zmq::stream_engine_base_t::in_event_internal zmq::stream_engine_base_t::in_event...
libzmq:socket_connect_fuzzer: Heap-buffer-overflow in zmq::tcp_read
Project: https://github.com/zeromq/libzmq.git Detailed Report: https://oss-fuzz.com/testcase?key=5765226510417920 Project: libzmq Fuzzing Engine: honggfuzz Fuzz Target: socket_connect_fuzzer Job Type: honggfuzz_asan_libzmq Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Crash Address:...
AIL Framework - Framework for Analysis of Information Leaks
AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information e.g...