Common Vulnerabilities and Exposures (CVE)

CVE-2026-55574

Jul 6, 2026 20:52:57 UTC

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends wit...

CVE-2026-55727

Jul 6, 2026 20:52:18 UTC

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams.

CVE-2026-44362

Jul 6, 2026 20:51:51 UTC

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-...

CVE-2026-58403

Jul 6, 2026 20:51:27 UTC

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follo...

CVE-2026-42546

Jul 6, 2026 20:51:23 UTC

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists ...

CVE-2026-55514

Jul 6, 2026 20:46:52 UTC

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting do...

CVE-2026-43825

Jul 6, 2026 20:38:00 UTC

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected:   before 3.0.0-M4 (libsvm document categorization module; introduced in   OPENNLP-1808 and only present on the 3.x line) Description: SvmDoccatModel.deseri...

CVE-2026-24014

Jul 6, 2026 20:37:58 UTC

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an at...

CVE-2026-24013

Jul 6, 2026 20:37:57 UTC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSes...

CVE-2026-24012

Jul 6, 2026 20:37:56 UTC

Uncontrolled Resource Consumption vulnerability in Apache IoTDB.  Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters (e.g., a...

CVE-2025-71347

Jul 6, 2026 20:24:07 UTC

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files th...

CVE-2026-22555

Jul 6, 2026 20:23:09 UTC

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.

CVE-2026-55646

Jul 6, 2026 19:49:44 UTC

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before...

CVE-2026-59089

Jul 6, 2026 19:48:53 UTC

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors an...

CVE-2026-41516

Jul 6, 2026 19:47:57 UTC

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS#1 v1.5 dec...