Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score · Vulnerability · Published
[6.5 MEDIUM] CVE-2026-55653 — OpenSSH: double free in Red Hat Enterprise Linux versions of OpenSSH DH-GEX client path d…

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Pro…

Published Jun 23, 2026 · Jun 25, 2026
[8.2 HIGH] CVE-2026-11833 — FAST/TOOLS CI Server Information Disclosure

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an at…

fast/tools | Remote | Information Disclosure
Published Jun 23, 2026 · Jun 23, 2026
[7.1 HIGH] CVE-2026-10658 — Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/bluetooth/host/iso.c), when processing PB=START/SINGLE f…

zephyr | Memory Corruption
Published Jun 23, 2026 · Jun 23, 2026
[7.1 HIGH] CVE-2026-10651 — Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachabl…

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it …

zephyr | Denial of Service
Published Jun 23, 2026 · Jun 23, 2026
[4.9 MEDIUM] CVE-2026-10645 — fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read…

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ex…

zephyr | Memory Corruption
Published Jun 23, 2026 · Jun 23, 2026
[5.3 MEDIUM] CVE-2026-54236 — vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory add…

vllm | Remote | Information Disclosure
Published Jun 22, 2026 · Jun 24, 2026
[6.9 MEDIUM] CVE-2026-54235 — vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU ker…

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN…

vllm | Remote | Misconfiguration
Published Jun 22, 2026 · Jun 24, 2026
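How a plain comparison gate lets NaN and Infinity through, and two ways to close it. This is an added example written for this feed entry, not vLLM's code: the shape of the weak gate, the request bodies and the upper bound MAX_TEMPERATURE are assumptions. What it relies on is that Python's json module accepts the non-standard literals NaN, Infinity and -Infinity by default, and that every ordered comparison involving NaN is False.

```python
import json
import math

# Constructed request bodies, not captured vLLM traffic. Python's json module
# accepts the non-standard literals NaN / Infinity / -Infinity by default, so a
# client can place them in any float field of a JSON API.
BAD_TEMPERATURE_BODIES = [
    '{"model": "m", "prompt": "hi", "temperature": NaN}',
    '{"model": "m", "prompt": "hi", "temperature": Infinity}',
]
MAX_TEMPERATURE = 2.0  # assumed upper bound; the advisory does not state vLLM's


def validate_temperature_vulnerable(temperature: float) -> bool:
    """Assumed shape of the weak gate the advisory describes (not vLLM's code):
    a bare comparison. NaN < 0.0 is False and inf < 0.0 is False, so both pass."""
    if temperature < 0.0:
        return False
    return True


def validate_temperature_fixed(temperature) -> bool:
    """Type-check, reject non-finite values explicitly, then range-check."""
    if isinstance(temperature, bool) or not isinstance(temperature, (int, float)):
        return False
    if not math.isfinite(temperature):
        return False
    return 0.0 <= temperature <= MAX_TEMPERATURE


def _reject_constant(name: str):
    # json.loads calls parse_constant only for 'NaN', 'Infinity' and '-Infinity'.
    raise ValueError(f"non-finite JSON literal not allowed: {name}")


def parse_request_strict(body: str) -> dict:
    """Refuse NaN/Infinity at the parse boundary, so no downstream gate has to
    remember to handle them for any numeric field."""
    return json.loads(body, parse_constant=_reject_constant)


def check_bodies(bodies):
    """For each body: (parsed value, weak gate accepts?, fixed gate accepts?,
    strict parser accepts?)."""
    results = []
    for body in bodies:
        t = json.loads(body)["temperature"]  # default parser lets the literal through
        weak = validate_temperature_vulnerable(t)
        fixed = validate_temperature_fixed(t)
        try:
            parse_request_strict(body)
            strict_ok = True
        except ValueError:
            strict_ok = False
        results.append((repr(t), weak, fixed, strict_ok))
    return results


if __name__ == "__main__":
    for row in check_bodies(BAD_TEMPERATURE_BODIES):
        print(row)
```

The parse-boundary rejection is the more durable of the two fixes: an isfinite check has to be repeated at every numeric gate (top_p, penalties, and so on), while parse_constant stops the literals before they reach any of them. Clients that legitimately need to send a non-finite value have no standard JSON way to do so anyway.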
[6.5 MEDIUM] CVE-2026-54233 — vLLM: OOM Denial of Service via Audio Decompression Bomb

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB…

vllm | Remote | Denial of Service
Published Jun 22, 2026 · Jun 24, 2026
[8.8 HIGH] CVE-2026-54232 — vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package.…

vllm | Remote | Supply Chain
Published Jun 22, 2026 · Jun 24, 2026
[7.5 HIGH] CVE-2026-53923 — vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overf…

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf…

vllm | Remote | Information Disclosure
Published Jun 22, 2026 · Jun 24, 2026
[9.1 CRITICAL] CVE-2026-48746 — vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and Starlette's trust in those web servers enables an authentica…

vllm | Remote | Authentication
Published Jun 22, 2026 · Jun 30, 2026
[6.5 MEDIUM] CVE-2026-47155 — vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights…

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment…

vllm | Remote | Supply Chain
Published Jun 22, 2026 · Jun 24, 2026
[7.5 HIGH] CVE-2026-41523 — vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Ar…

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to …

vllm | Remote | Authentication
Published Jun 22, 2026 · Jun 30, 2026
[6.1 MEDIUM] CVE-2026-56698 — Nuxt - Cross-Site Scripting via navigateTo open Option

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs…

nuxt og_image | Remote | Cross-Site Scripting
Published Jun 22, 2026 · Jun 25, 2026
[6.1 MEDIUM] CVE-2026-56697 — Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-ori…

nuxt og_image | Remote | Server-Side Request Forgery
Published Jun 22, 2026 · Jun 25, 2026
[6.3 MEDIUM] CVE-2026-56357 — n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Tr…

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook UR…

n8n | Remote | Authentication
Published Jun 22, 2026 · Jun 24, 2026
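What the missing check looks like when present: HMAC-SHA256 verification of a GitHub webhook delivery, as an added example written for this entry and not n8n's node code. The header name X-Hub-Signature-256 and the sha256=<hex> value format are GitHub's documented ones; the secret, the delivery bodies and the handler names are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample data, not real n8n or GitHub traffic: the shared secret
# configured on both the GitHub webhook and the receiving trigger, plus one
# genuine raw delivery body.
WEBHOOK_SECRET = b"correct horse battery staple"
GENUINE_BODY = json.dumps(
    {"action": "opened", "repository": {"full_name": "org/repo"}}
).encode()


def github_signature(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: 'sha256=' + hex(HMAC-SHA256(secret, raw body))."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """The check the advisory says was absent. The MAC is computed over the raw
    request bytes (before any JSON parsing) and compared in constant time."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = github_signature(secret, body)
    return hmac.compare_digest(expected, header_value)


def handle_delivery_vulnerable(body: bytes, headers: dict) -> bool:
    """A trigger that fires on any POST to the webhook URL: the URL is hard to
    guess but is not a secret, so knowing it is enough to forge events."""
    json.loads(body)
    return True


def handle_delivery_fixed(secret: bytes, body: bytes, headers: dict) -> bool:
    """Same trigger, gated on a valid signature for exactly these bytes."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return False
    json.loads(body)
    return True


def demo() -> dict:
    genuine_headers = {"X-Hub-Signature-256": github_signature(WEBHOOK_SECRET, GENUINE_BODY)}
    forged_body = json.dumps(
        {"action": "opened", "repository": {"full_name": "attacker/evil"}}
    ).encode()
    forged_headers = {}                        # attacker knows the URL, not the secret
    spliced_headers = dict(genuine_headers)    # a captured valid header reused on a new body
    return {
        "vuln_accepts_forgery": handle_delivery_vulnerable(forged_body, forged_headers),
        "fixed_accepts_genuine": handle_delivery_fixed(WEBHOOK_SECRET, GENUINE_BODY, genuine_headers),
        "fixed_accepts_forgery": handle_delivery_fixed(WEBHOOK_SECRET, forged_body, forged_headers),
        "fixed_accepts_spliced": handle_delivery_fixed(WEBHOOK_SECRET, forged_body, spliced_headers),
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the MAC must be computed over the raw body bytes the server received, not over a re-serialised copy of the parsed JSON (whitespace and key order would change the digest), and the comparison must be hmac.compare_digest rather than ==, so that a remote attacker cannot learn the expected digest byte by byte from response timing.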
[9.9 CRITICAL] CVE-2026-56348 — n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Par…

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains re…

n8n | Remote | Server-Side Request Forgery
Published Jun 22, 2026 · Jun 24, 2026
[6.1 MEDIUM] CVE-2026-56326 — Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and …

nuxt og_image | Remote | Misconfiguration
Published Jun 22, 2026 · Jun 25, 2026
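The three Nuxt entries in this feed (javascript: URLs in navigateTo's open option, protocol-relative //evil.com in reloadNuxtApp, and /..//evil.com in navigateTo) share one root cause: the target is judged as a raw string before it has been resolved. Below is an added example of a redirect-target guard that validates the resolved URL instead; it is not Nuxt's code, and APP_ORIGIN, the weak check's exact shape and the sample inputs are assumptions. One caveat the lead-in owes the reader: Python's urljoin collapses /..//evil.com to the same-origin path /evil.com, so the guard accepts that input as harmless, whereas the advisory says Nuxt's own normalization did not. The guard therefore also refuses any normalized path that begins with //, and it returns an absolute URL, so that no later normalizer can turn a relative Location into a protocol-relative one.

```python
from urllib.parse import urljoin, urlsplit

APP_ORIGIN = "https://app.example"  # assumed deployment origin, not a real host
_APP_SCHEME, _APP_HOST = urlsplit(APP_ORIGIN).scheme, urlsplit(APP_ORIGIN).netloc


def is_safe_target_vulnerable(target: str) -> bool:
    """Assumed shape of a string-only check of the kind the advisories describe
    as bypassable (not Nuxt's code): blocks script schemes and a leading //,
    but never looks at what the path becomes after normalization."""
    lowered = target.strip().lower()
    if lowered.startswith(("javascript:", "data:", "vbscript:")):
        return False
    if lowered.startswith("//"):
        return False
    return lowered.startswith("/")


def safe_redirect_target(target: str):
    """Return an absolute same-origin URL for `target`, or None if it must be
    refused. All decisions are made on the resolved URL, not the raw string."""
    # Control characters and whitespace are stripped or ignored by URL parsers in
    # ways that differ between Python and browsers; a backslash is treated as a
    # slash by browsers for http(s) URLs, so "/\evil.com" would become "//evil.com".
    if any(ord(ch) <= 0x20 or ch == "\x7f" or ch == "\\" for ch in target):
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:          # absolute URL, or the //host form
        return None
    resolved = urljoin(APP_ORIGIN + "/", target)
    r = urlsplit(resolved)
    if (r.scheme, r.netloc) != (_APP_SCHEME, _APP_HOST):
        return None
    if r.path.startswith("//"):               # would read as protocol-relative if emitted bare
        return None
    return resolved


def classify(targets):
    """Weak verdict and hardened result side by side, for a list of candidate targets."""
    return {t: (is_safe_target_vulnerable(t), safe_redirect_target(t)) for t in targets}


# Constructed inputs covering the three advisories plus two common variants.
SAMPLE_TARGETS = [
    "/dashboard?tab=1",
    "javascript:alert(1)",
    "//evil.com/x",
    "/..//evil.com",
    "https://evil.com/",
    "/\\evil.com",
]

if __name__ == "__main__":
    for target, verdict in classify(SAMPLE_TARGETS).items():
        print(f"{target!r:24} weak={verdict[0]!s:5} hardened={verdict[1]}")
```

When the result is used server-side, emit `resolved` itself as the Location header; when it is handed to the client, the same function can run in the browser against window.location.origin. In both places the rule is the same: decide on the normalized absolute form, never on the string the user typed.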
[8.8 HIGH] CVE-2026-56324 — Capgo - Rate Limit Bypass via User-Controlled device_id Parameter

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. At…

Remote | Denial of Service
Published Jun 22, 2026 · Jun 24, 2026
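Why a limiter keyed on a value the caller chooses is no limit at all, as an added example written for this entry and not Capgo's code. The sliding-window limiter, the request shape, the 5-per-minute budget and the choice of client address plus app id as the hardened key are all assumptions; the flood is constructed: 50 requests from one address, each carrying a fresh device_id.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60.0
MAX_REQUESTS = 5  # assumed budget per key per window


class SlidingWindowLimiter:
    """Allow at most `limit` hits per `window` seconds for each key."""

    def __init__(self, limit: int = MAX_REQUESTS, window: float = WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of recent hits

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()                 # drop hits that have aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def key_vulnerable(request: dict) -> str:
    # Bucket chosen from a field the caller controls: every new device_id
    # is a fresh bucket with a full budget, so rotation defeats the limit.
    return "device:" + request["body"]["device_id"]


def key_fixed(request: dict) -> str:
    # Bucket on something the caller cannot rotate for free. Which attribute
    # that is depends on the deployment; here it is the peer address as reported
    # by the edge (assumed trustworthy) together with the app being queried.
    return "ip:" + request["client_ip"] + "|app:" + request["body"]["app_id"]


def run_flood(limiter: SlidingWindowLimiter, key_fn, n: int) -> int:
    """Send n requests from one client, each with a new device_id, 10 ms apart;
    return how many the limiter let through."""
    allowed = 0
    for i in range(n):
        req = {
            "client_ip": "203.0.113.7",  # documentation range, constructed
            "body": {"app_id": "com.example.app", "device_id": f"dev-{i}"},
        }
        if limiter.allow(key_fn(req), now=1_000.0 + i * 0.01):
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("keyed on device_id:", run_flood(SlidingWindowLimiter(), key_vulnerable, 50))
    print("keyed on client ip :", run_flood(SlidingWindowLimiter(), key_fixed, 50))
```

Keying on the source address has its own limits (shared NATs, and a reverse proxy that must be the only party allowed to set the forwarded-for header), so in practice the key is usually a combination: the strongest identity available (an authenticated principal or a signed device token) with the address as a fallback, and the user-supplied id used at most as a secondary dimension, never as the only one.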
[8.7 HIGH] CVE-2026-56323 — Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and deter…

Remote | Information Disclosure
Published Jun 22, 2026 · Jun 23, 2026
Showing 20 of 7989 Results