Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

128 New today

64,732 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow_CVE-2026-53923

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is alloca...

CVE-2026-53923 vllm-project vllm >= 0.5.5, < 0.23.1rc0

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-48746	vLLM: OpenAI auth bypass_CVE-2026-48746 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlett...	vllm-project	vllm >= 0.3.0, < 0.22.0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-47155	vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors_CVE-2026-47155 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently app...	vllm-project	vllm < 0.22.0	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-41523	vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution_CVE-2026-41523 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation func...	vllm-project	vllm < 0.22.0	Jun 22, 2026	CVE
NONE	959BDE59-627E-	bypass-code-defender_959BDE59-627E-5EBC-B239-D7E23BC18A90 ansi ┌──root💀bypass- └─ cat /etc/bypass-code/about ─────────────────────────────────── yaml system: name: "BYPASSCODE" role: "server / vps guardia...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
HIGH 8.8	MS:CVE-2026-12439	Chromium: CVE-2026-12439 Use after free in Digital Credentials_MS:CVE-2026-12439 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 4.2	MS:CVE-2026-12456	Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions_MS:CVE-2026-12456 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 6.5	MS:CVE-2026-12461	Chromium: CVE-2026-12461 Out of bounds read in WebRTC_MS:CVE-2026-12461 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 7.5	CVE-2026-55603	http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`_CVE-2026-55603 http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for r...	chimurai	http-proxy-middleware >= 3.0.4, < 3.0.7	Jun 22, 2026	CVE
MEDIUM 5.8	CVE-2026-55599	phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access_CVE-2026-55599 phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 cer...	phpseclib	phpseclib >= 0.1.1, < 1.0.30	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow_CVE-2026-53923

Recent Advisories

vLLM: OpenAI auth bypass_CVE-2026-48746

vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors_CVE-2026-47155

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution_CVE-2026-41523

bypass-code-defender_959BDE59-627E-5EBC-B239-D7E23BC18A90

Chromium: CVE-2026-12439 Use after free in Digital Credentials_MS:CVE-2026-12439

Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions_MS:CVE-2026-12456

Chromium: CVE-2026-12461 Out of bounds read in WebRTC_MS:CVE-2026-12461

http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`_CVE-2026-55603

phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access_CVE-2026-55599

Protect Your Attack Surface with RedGem

Security Intelligence
Feed