Ez-Lbz

Name of the Vulnerable Software and Affected Versions vLLM versions 0.1.0 through 0.18.9 Description A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the `n` parameter in the `ChatCompletionRequest` and `CompletionRequest` Pydantic models, an unauthenticated attacker can send a single HTTP request with an astronomically large `n` value. This completely blocks the Python `asyncio` event loop and causes immediate Out-Of-Memory crashes by allocating millions of request object copies in the heap before the request even reaches the scheduling queue. The root cause lies in missing upper bound checks during request parsing and asynchronous scheduling. The vulnerability impacts any individual or organization hosting a public-facing vLLM API server and SaaS/AI-as-a-Service platforms acting as reverse proxies without strict HTTP body payload validation or rate limitations. Recommendations Update to version 0.19.0 or later.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.10.0 **Description** A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The project was informed of the problem through a pull request, but a response has not been issued. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZenTao versions up to 21.7.8 **Description** A path traversal issue exists in ZenTao due to manipulation of the `filePath` argument within the `delete` function of the `editor/control.php` file, specifically within the Committer component. **Recommendations** Upgrade to version 21.7.9. Upgrade the affected component.

**Name of the Vulnerable Software and Affected Versions** ZenTao versions prior to 21.7.9 **Description** A flaw exists in ZenTao up to version 21.7.8 related to path traversal. The issue is located within the `delete` function of the `editor/control.php` file, part of the Backup Handler component. Manipulation of the `fileName` argument can lead to unauthorized file access. This issue can be triggered remotely, and details of the exploit are publicly available. **Recommendations** Update to version 21.7.9 or later.

**Name of the Vulnerable Software and Affected Versions** DeepAudit versions prior to 3.0.5 **Description** An improper access control issue exists in DeepAudit versions 3.0.4 and earlier. The `/api/v1/users/` API endpoint allows any authenticated user to enumerate all users within the system. This allows retrieval of sensitive information such as email addresses, phone numbers, full names, and role information. The vulnerable parameter is not specified. **Recommendations** Update DeepAudit to version 3.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** ZenTao versions through 21.7.6-85642 **Description** A server-side request forgery condition exists in ZenTao. The issue is located in the `fetchHook` function within the `module/webhook/model.php` file of the Webhook Module component. This manipulation can be initiated remotely and the exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 21.7.6-85642 should be used. As a temporary workaround, consider restricting access to the `module/webhook/model.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ZenTao versions up to 21.7.6-8564 **Description** A flaw exists in ZenTao related to improper privilege management. The issue is located in the `file::delete` function within the `module/file/control.php` file of the File Handler component. Manipulation of the `fileID` argument can lead to this issue, and it is possible to launch an attack remotely. **Recommendations** Upgrade to version 21.7.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZenTao versions up to 21.7.6-8564 **Description** A server-side request forgery condition exists in ZenTao. The issue is related to the `makeRequest` function within the `module/ai/model.php` file. Manipulation of the `Base` argument can trigger the issue. The attack can be launched remotely. The exploit has been made public. **Recommendations** Upgrade to version 21.7.6 or later.

**Name of the Vulnerable Software and Affected Versions** shsuishang ShopSuite ModulithShop versions prior to 45a99398cec3b7ad7ff9383694f0b53339f2d35a **Description** A path traversal issue exists in shsuishang ShopSuite ModulithShop. The `JwtAuthenticationFilter` function within the `src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.java` file is affected. This allows for remote exploitation and the publicly available exploit may be used. The product utilizes a rolling release model, meaning specific version details for affected and updated releases are unavailable. **Recommendations** Versions prior to 45a99398cec3b7ad7ff9383694f0b53339f2d35a should be updated. As a temporary workaround, consider restricting access to the `JwtAuthenticationFilter` function until a newer version is available.

**Name of the Vulnerable Software and Affected Versions** ShopSuite ModulithShop versions up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a **Description** A flaw exists within ShopSuite ModulithShop related to the RSA/OAuth2/Database component, resulting in the presence of hard-coded credentials. This issue can be exploited remotely. The exploit for this issue has been publicly released. The product utilizes a rolling release model, making specific version information for updates unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerJob versions through 5.1.2 **Description** A flaw exists in PowerJob that relates to missing authorization within the function list of the `/user/list` file. This issue can be exploited remotely. The exploit is publicly available. The vulnerable component is the `/user/list` file and the affected function is the function list within it. **Recommendations** Update PowerJob to a version later than 5.1.2.

**Name of the Vulnerable Software and Affected Versions** PowerJob versions through 5.1.2 **Description** A security issue has been identified in PowerJob. The problem relates to missing authorization within the `/openApi/runJob` file of the `OpenAPIController` component. This allows for remote attacks. The exploit details have been publicly disclosed. **Recommendations** Update PowerJob to a version newer than 5.1.2.

**Name of the Vulnerable Software and Affected Versions** jeecgboot JimuReport versions up to 2.1.2 **Description** A vulnerability exists in jeecgboot JimuReport up to version 2.1.2. The issue impacts an unknown function within the `/drag/onlDragDataSource/testConnection` file of the MySQL JDBC Handler component, leading to deserialization. Remote exploitation is possible. The exploit has been made public. **Recommendations** Versions prior to 2.1.2 should be used. Consider restricting access to the `/drag/onlDragDataSource/testConnection` file as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** h2oai h2o-3 versions through 3.46.08 **Description** A vulnerability exists in h2oai h2o-3 up to version 3.46.08, specifically within the H2 JDBC Driver component. The issue involves the manipulation of the `connection url` argument in the `/99/ImportSQLTable` file, leading to deserialization. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.46.08 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** h2oai h2o-3 versions through 3.46.08 **Description** A flaw exists in h2oai h2o-3, specifically in an unknown function within the `/99/ImportSQLTable` file of the IBMDB2 JDBC Driver component. Manipulation of the `connection url` argument can lead to deserialization, potentially allowing for remote attacks. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jeecgboot JimuReport versions up to 2.1.2 **Description** A vulnerability exists in jeecgboot JimuReport. The issue is related to deserialization triggered by manipulating the `clientRerouteServerListJNDIName` argument within an unknown function of the `/drag/onlDragDataSource/testConnection` file of the DB2 JDBC Handler component. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 2.1.2 should be updated.

**Name of the Vulnerable Software and Affected Versions** newbee-mall versions prior to 613a662adf1da7623ec34459bc83e3c1b12d8ce7 **Description** A vulnerability exists in newbee-mall related to improper authorization. The issue affects the `paySuccess` function within the `/paySuccess` file of the Order Status Handler component. Manipulation of the `orderNo` argument can lead to unauthorized access. The exploit has been publicly disclosed. **Recommendations** Update newbee-mall to a version prior to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. As a temporary workaround, consider restricting access to the `/paySuccess` file or the `paySuccess` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** newbee-mall version 1.0 **Description** A flaw exists within the `mallKaptcha` function located in the `/common/mall/kaptcha` file, leading to the generation of guessable CAPTCHAs. This issue can be exploited remotely and is considered difficult to exploit due to its high complexity. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions up to 1.0.3 **Description** A vulnerability exists in the `paySuccess` function of the `/order/paySuccess` file. Manipulation of the `orderId` argument can lead to authorization bypass. The exploit has been made public. **Recommendations** Update macrozheng mall to a version newer than 1.0.3. As a temporary workaround, restrict access to the `/order/paySuccess` file. Avoid using the `orderId` parameter in the `paySuccess` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions up to 1.0.3 **Description** A vulnerability exists in macrozheng mall versions up to 1.0.3. The `cancelOrder` function within the `/order/cancelUserOrder` file is affected. Manipulation of the `orderId` argument can lead to authorization bypass. The exploit has been publicly disclosed and may be used. **Recommendations** Update macrozheng mall to a version newer than 1.0.3. As a temporary workaround, restrict access to the `/order/cancelUserOrder` file. Avoid using the `orderId` argument in the `cancelOrder` function until the issue is resolved.