news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	MS:CVE-2026-12449	Chromium: CVE-2026-12449 Use after free in Chromoting_MS:CVE-2026-12449 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.3	MS:CVE-2026-12465	Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics_MS:CVE-2026-12465 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.3	CVE-2026-54236	vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router_CVE-2026-54236 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a saniti...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-54235	vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels_CVE-2026-54235 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operat...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54233	vLLM: OOM Denial of Service via Audio Decompression Bomb_CVE-2026-54233 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compr...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54232	vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile_CVE-2026-54232 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confus...	vllm-project	vllm < 0.22.1	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-53923	vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow_CVE-2026-53923 vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vL...	vllm-project	vllm >= 0.5.5, < 0.23.1rc0	Jun 22, 2026	CVE
CRITICAL 9.1	CVE-2026-48746	vLLM: OpenAI auth bypass_CVE-2026-48746 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlett...	vllm-project	vllm >= 0.3.0, < 0.22.0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-47155	vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors_CVE-2026-47155 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently app...	vllm-project	vllm < 0.22.0	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-41523	vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution_CVE-2026-41523 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation func...	vllm-project	vllm < 0.22.0	Jun 22, 2026	CVE