A serious flaw in the popular vLLM library could let attackers crash servers or even run malicious code remotely. Security researcher Russellb disclosed the issue last week via GitHub Advisory.
Rated "High" severity, it affects vLLM versions 0.10.2 and later, with no patch available...
Wireshark, the leading open-source network protocol analyzer, released version 4.6.1 on November 19, 2025, to fix two security flaws in its dissectors that could cause the application to crash when processing malformed packets.
These issues, tracked as WNPA-SEC-2025-05 and WNPA-SEC-2025-06, affect the BPv7 and...
CrowdStrike researchers discovered that DeepSeek-R1, a 671-billion-parameter large language model from a Chinese AI firm released in January 2025, produces up to 50% more insecure code when prompts mention topics sensitive to Chinese authorities, such as Tibet, Uyghurs, or Falun Gong.
Without such triggers,...
Microsoft patched a severe flaw in Azure Bastion on November 20, 2025, tracked as CVE-2025-49752, that allows attackers to bypass authentication checks and gain admin rights on virtual machines.
This vulnerability carries a top CVSS v4.0 score of 10.0 due to its network-based attack...
Grafana released emergency patches for a critical SCIM vulnerability (CVE-2025-41115) that allows attackers to escalate privileges or impersonate admins in Grafana Enterprise.
The flaw, scored CVSS 10.0, affects versions 12.0.0 through 12.2.1 when SCIM provisioning is enabled.
Grafana Labs disclosed it alongside the Enterprise...
A critical authentication bypass flaw in Milvus Proxy (CVE-2025-64513) allows attackers to bypass all security checks.
Discovered by the HelixGuard Team on November 12, 2025, this issue affects popular versions of Milvus, an open-source vector database designed for AI workloads, including generative models.
Attackers...