Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62426 2 Vllm, Vllm-project 2 Vllm, Vllm 2025-12-04 6.5 Medium
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. This issue has been patched in version 0.11.1.
CVE-2025-62372 2 Vllm, Vllm-project 2 Vllm, Vllm 2025-12-04 6.5 Medium
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.
CVE-2025-53939 2 Accellion, Kiteworks 2 Kiteworks, Kiteworks 2025-12-04 6.3 Medium
Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0.
CVE-2025-58436 2 Linux, Openprinting 2 Linux, Cups 2025-12-04 5.1 Medium
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
CVE-2025-46175 1 Ruoyi 1 Ruoyi 2025-12-04 7.5 High
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
CVE-2025-34138 1 Sitecore 4 Experience Commerce, Experience Manager, Experience Platform and 1 more 2025-12-04 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.
CVE-2016-9842 8 Apple, Canonical, Debian and 5 more 22 Iphone Os, Mac Os X, Tvos and 19 more 2025-12-04 8.8 High
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9318 4 Canonical, Redhat, Xmlsec Project and 1 more 4 Ubuntu Linux, Jboss Core Services, Xmlsec and 1 more 2025-12-04 5.5 Medium
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CVE-2016-6301 1 Busybox 1 Busybox 2025-12-04 7.5 High
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
CVE-2016-5131 8 Apple, Canonical, Debian and 5 more 18 Iphone Os, Mac Os X, Tvos and 15 more 2025-12-04 8.8 High
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-4425 1 Jansson Project 1 Jansson 2025-12-04 6.5 Medium
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
CVE-2016-3627 7 Canonical, Debian, Hp and 4 more 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more 2025-12-04 7.5 High
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
CVE-2025-61915 2 Opengroup, Openprinting 2 Unix, Cups 2025-12-04 6 Medium
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
CVE-2025-62164 2 Vllm, Vllm-project 2 Vllm, Vllm 2025-12-04 8.8 High
vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1.
CVE-2025-66422 1 Tryton 1 Trytond 2025-12-04 4.3 Medium
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2025-66423 1 Tryton 1 Trytond 2025-12-04 7.1 High
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2025-59792 1 Apache 1 Kvrocks 2025-12-04 5.3 Medium
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-59790 1 Apache 1 Kvrocks 2025-12-04 5.4 Medium
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-66424 1 Tryton 1 Trytond 2025-12-04 6.5 Medium
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2025-65186 1 Getgrav 2 Grav, Grav Cms 2025-12-04 6.1 Medium
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.