Latest CVE Feed
-
5.8
MEDIUMCVE-2025-64751
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to i... Read more
Affected Products : openfga- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62426
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly v... Read more
Affected Products : vllm- Published: Nov. 21, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service
-
8.3
HIGHCVE-2025-62372
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hid... Read more
Affected Products : vllm- Published: Nov. 21, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-62164
vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Complet... Read more
Affected Products : vllm- Published: Nov. 21, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption