19 matches found
Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection
AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...
security-advisories
Security Advisories Public write-ups and PoCs for CVEs I've d...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141
The CVE-2026-6141 entry affects danielmiessler Personal_AI_Infrastructure up to version 2.3.0, targeting an unknown function in Skills/Parser/Tools/parse_url.ts. The vulnerability allows remote OS command injection via manipulation of that function. The exploit has been publicly disclosed, and a ...
PT-2026-32198
A vulnerability was determined in danielmiessler Personal AI Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...
Personal AI Infrastructure 操作系统命令注入漏洞
Personal AI Infrastructure is a personal AI infrastructure building tool developed by Daniel Miessler as a personal project. Versions of Personal AI Infrastructure prior to 2.3.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper...
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how...
PT-2026-43329
Name of the Vulnerable Software and Affected Versions Starlette versions prior to 1.0.1 Description Starlette fails to validate the HTTP Host request header before using it to reconstruct request.url. While the routing algorithm uses the raw HTTP path, request.url is rebuilt from the Host header...
Now More Than Ever, Foundational AI Research and Infrastructure Depends on the Federal Government
Leadership in the field of AI is vital for our nation's economy and security. Maintaining this leadership requires investments by the federal government. The federal investment in foundation AI research is essential for U.S. leadership in the field. Providing accessible AI infrastructure will...
Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin
Get a sneak peak into how Trend Micro's Pwn2Own Berlin 2025 is breaking new ground, focusing on AI infrastructure and finding the bugs to proactively safeguard the future of computing...
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks
A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk...
How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry
This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure...
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama...
Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...