|
1901
|
5.4 |
MEDIUM
Network
|
eclipse
|
open_vsx
|
Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4983
|
2026-06-25 01:55 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1902
|
5.3 |
MEDIUM
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory add…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-54236
|
2026-06-25 01:53 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1903
|
6.5 |
MEDIUM
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-54235
|
2026-06-25 01:53 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1904
|
6.5 |
MEDIUM
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-54233
|
2026-06-25 01:52 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1905
|
8.8 |
HIGH
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package.…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-54232
|
2026-06-25 01:51 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1906
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf…
|
CWE-200
CWE-681
Information Exposure
Incorrect Conversion between Numeric Types
|
CVE-2026-53923
|
2026-06-25 01:51 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1907
|
9.1 |
CRITICAL
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentica…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-48746
|
2026-06-25 01:49 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1908
|
6.5 |
MEDIUM
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-47155
|
2026-06-25 01:49 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1909
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to …
|
CWE-94
CWE-617
Code Injection
Reachable Assertion
|
CVE-2026-41523
|
2026-06-25 01:48 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1910
|
5.3 |
MEDIUM
Network
|
n8n
|
n8n
|
n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook UR…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-56357
|
2026-06-25 01:47 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
