Poster - CVE CyberSecurity Database News (Page 56)

Apr 30, 2025 API

CVE-2025-46342 - How a Small Miss in Kyverno Let Hackers Slip Through Critical Policy Checks

TL;DR: A subtle bug in Kyverno (before v1.13.5 & v1.14.) let users with Kubernetes API access bypass essential security policies. That

Apr 30, 2025

CVE-2025-46560 - vLLM Multimodal Tokenizer Quadratic Complexity Vulnerability — Explanation and Exploit

On April 2025, security researchers discovered CVE-2025-46560 — a critical performance vulnerability in the vLLM serving engine for large language models (LLMs). This bug allowed attackers

Apr 30, 2025

CVE-2025-30202 - vLLM Exposed — Denial of Service and Data Leakage via ZeroMQ XPUB Socket

vLLM is a popular, high-speed inference and serving engine built for Large Language Models. It's known for its performance and efficiency in powering

Apr 30, 2025 RCE Exploit

CVE-2025-32444 - Remote Code Execution in vLLM Mooncake Integration via Unsafe Pickle Serialization

A new security vulnerability, CVE-2025-32444, impacts certain versions of vLLM – a popular high-throughput and memory-efficient inference and serving engine for large language models (LLMs). This

Apr 29, 2025 Java

CVE-2025-3501 - How a Misconfigured Policy in Keycloak Skips Trust Store Verification (Full Analysis & Exploit Demo)

Keycloak is a widely used open-source identity and access management solution. It helps secure apps by handling login, SSO, role-based access controls, and more. In