Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-54236: CWE-532: Insertion of Sensitive Information into Log File in vllm-project vllmCVE-2026-54236 0 vLLM versions prior to 0.23.1rc0 have an incomplete fix for a sensitive information leak vulnerability (CVE-2026-54236). Certain API routes and WebSocket handlers in vLLM bypass the global exception sanitization, causing memory addresses to be exposed in error messages sent to clients. An unauthenticated attacker can exploit this by sending malformed image data to trigger errors that leak heap memory addresses in JSON responses. This vulnerability is fixed in version 0.23.1rc0. Join the discussion | CVE Database V5 | 06/22/2026, 22:09:15 UTC Added: 06/22/2026, 22:39:45 UTC |
CVE-2026-54233: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) in vllm-project vllmCVE-2026-54233 0 vLLM versions prior to 0.23.1rc0 have a vulnerability in the /v1/audio/transcriptions endpoint where the compressed upload size is limited but the decoded PCM output size is not. This allows a relatively small OPUS audio file to expand massively in memory during decoding, causing data amplification. The issue is fixed in version 0.23.1rc0. Join the discussion | CVE Database V5 | 06/22/2026, 22:10:45 UTC Added: 06/22/2026, 22:39:45 UTC |
CVE-2026-53923: CWE-681: Incorrect Conversion between Numeric Types in vllm-project vllmCVE-2026-53923 0 vLLM versions from 0.5.5 up to but not including 0.23.1rc0 contain a vulnerability where integer truncation in the GGUF dequantize CUDA kernels causes partial tensor processing. This results in uninitialized portions of output tensors retaining residual GPU memory data, potentially exposing data from other users in multi-tenant inference environments. The issue is fixed starting with version 0.23.1rc0. Join the discussion | CVE Database V5 | 06/22/2026, 21:55:42 UTC Added: 06/22/2026, 22:39:45 UTC |
CVE-2026-47155: CWE-345: Insufficient Verification of Data Authenticity in vllm-project vllmCVE-2026-47155 0 vLLM versions prior to 0.22.0 have an insufficient verification of data authenticity issue related to revision pinning controls. These controls do not consistently apply to all artifacts loaded for a model, allowing dynamic code and other components to be loaded from unpinned or default revisions. This creates a supply-chain integrity risk where operators may unknowingly serve unreviewed or unintended model artifacts. The vulnerability is fixed in version 0.22.0. Join the discussion | CVE Database V5 | 06/22/2026, 22:20:10 UTC Added: 06/22/2026, 22:39:45 UTC |
CVE-2026-4944: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in vllm-project vllm-project/vllmCVE-2026-4944 0 vllm-project/vllm version 0.14.1 contains a high-severity path traversal vulnerability (CWE-22) due to hardcoded trust_remote_code=True parameters in two model implementation files. This bypasses user settings intended to disable remote code execution, allowing malicious HuggingFace model repositories to execute code remotely. The issue is a partial fix failure for previous CVEs and specifically affects deployments using NemotronVL or KimiK25 models. No official patch or remediation guidance is currently available. Join the discussion | CVE Database V5 | 05/28/2026, 18:04:05 UTC Added: 05/28/2026, 18:48:45 UTC |
Showing 1 to 5 of 5 results