CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20677
https://notcve.org/view.php?id=CVE-2025-20677
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20676
https://notcve.org/view.php?id=CVE-2025-20676
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20675
https://notcve.org/view.php?id=CVE-2025-20675
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20673
https://notcve.org/view.php?id=CVE-2025-20673
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2025-5404 – chaitak-gorai Blogbook GET Parameter search.php denial of service
https://notcve.org/view.php?id=CVE-2025-5404
01 Jun 2025 — The manipulation of the argument Search leads to denial of service. ... By manipulating the argument Search with unknown data, a denial of service vulnerability can be exploited. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20search.php%20search%20Parameter%20SQL%20Injection.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48944 – vLLM Tool Schema allows DoS via Malformed pattern and type Fields
https://notcve.org/view.php?id=CVE-2025-48944
30 May 2025 — vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the... • https://github.com/vllm-project/vllm/pull/17623 • CWE-20: Improper Input Validation •
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48943 – vLLM allows clients to crash the openai server with invalid regex
https://notcve.org/view.php?id=CVE-2025-48943
30 May 2025 — Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex is provided while using structured output. • https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff • CWE-248: Uncaught Exception •
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48942 – vLLM DOS: Remotely kill vllm over http with invalid JSON schema
https://notcve.org/view.php?id=CVE-2025-48942
30 May 2025 — vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar to GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue. • https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff • CWE-248: Uncaught Exception •
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48887 – vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
https://notcve.org/view.php?id=CVE-2025-48887
30 May 2025 — vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. • https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48889 – Gradio Allows Unauthorized File Copy via Path Manipulation
https://notcve.org/view.php?id=CVE-2025-48889
30 May 2025 — While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. • https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g • CWE-434: Unrestricted Upload of File with Dangerous Type •
