| 1461 | 6.5 | MEDIUM | Network | vllm | vllm | vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment… | New | CWE-345 (Insufficient Verification of Data Authenticity) | CVE-2026-47155 | 2026-06-25 01:49 | 2026-06-23 |
| 1462 | 7.5 | HIGH | Network | vllm | vllm | vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to … | New | CWE-94 (Code Injection), CWE-617 (Reachable Assertion) | CVE-2026-41523 | 2026-06-25 01:48 | 2026-06-23 |
| 1463 | 5.3 | MEDIUM | Network | n8n | n8n | n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook UR… | New | CWE-290 (Authentication Bypass by Spoofing) | CVE-2026-56357 | 2026-06-25 01:47 | 2026-06-23 |
| 1464 | 9.9 | CRITICAL | Network | n8n | n8n | n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains re… | New | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-56348 | 2026-06-25 01:46 | 2026-06-23 |
| 1465 | 7.5 | HIGH | Network | chimurai | http-proxy-middleware | http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed … | New | CWE-93 (CRLF Injection) | CVE-2026-55603 | 2026-06-25 01:44 | 2026-06-23 |
| 1466 | 5.5 | MEDIUM | Local | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with th… | New | CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) | CVE-2026-54651 | 2026-06-25 01:41 | 2026-06-23 |
| 1467 | 8.2 | HIGH | Network | - | - | Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. At… | New | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2026-56324 | 2026-06-25 01:16 | 2026-06-23 |
| 1468 | 7.2 | HIGH | Network | - | - | Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with adm… | New | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-56222 | 2026-06-25 01:16 | 2026-06-23 |
| 1469 | - | | | - | - | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | New | - | CVE-2026-56119 | 2026-06-25 01:16 | 2026-06-25 |
| 1470 | - | | | - | - | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | New | - | CVE-2026-56118 | 2026-06-25 01:16 | 2026-06-25 |