9.1
CVE-2026-34950 - fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed …
fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch…
0
CVE-2026-34940 - KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary co…
KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via ba…
2.3
CVE-2026-34764 - Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain condition…
6.5
CVE-2026-34756 - vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Se…
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques…
6.5
CVE-2026-34755 - vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_fr…
5.4
CVE-2026-34753 - vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests f…
7.8
CVE-2026-21382 - Buffer Copy Without Checking Size of Input in Power Management IC
Memory Corruption when handling power management requests with improperly sized input/output buffers.
7.6
CVE-2026-21381 - Buffer Over-read in WLAN Firmware
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
7.8
CVE-2026-21380 - Use After Free in DSP Service
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
7.8
CVE-2026-21378 - Buffer Over-read in Camera
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.