876 matches found
ROS-20250625-09
A vulnerability in the Apache Commons Configuration library is related to improper control of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted script, dns, and url requests...
SafeGenBench: a Benchmark Framework for Security Vulnerability Detection in LLM-Generated Code
The code generation capabilities of large language models (LLMs) have emerged as a critical dimension in evaluating their overall performance. However, prior research has largely overlooked the security risks inherent in the generated code. In this work, we introduce SafeGenBench, a benchmark...
LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges
The widespread adoption of Large Language Models (LLMs) has heightened concerns about their security, particularly their vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. While prior research has been conducted on general security capabilities of LLMs,...
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare
In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale...
CVE-2025-25021
CVE-2025-25021 affects IBM QRadar Suite Software 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue is a code injection vulnerability caused by improper generation/filtering of constructed code snippets in the case management script, enabling privileged code execution...
Mind the Gap: a Practical Attack on GGUF Quantization
With the increasing size of frontier LLMs, post-training quantization has become the standard for memory-efficient deployment. Recent work has shown that basic rounding-based quantization schemes pose security risks, as they can be exploited to inject malicious behaviors into quantized models tha...
CVE-2023-25054
Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6...
Securing Generative AI: Navigating Risk and Building Resilience
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Generative AI has changed the way ...
Security Degradation in Iterative AI Code Generation -- a Systematic Analysis of the Paradox
The rapid adoption of Large Language Models (LLMs) for code generation has transformed software development, yet little attention has been given to how security vulnerabilities evolve through iterative LLM feedback. This paper analyzes security degradation in AI-generated code through a controlled...
WordPress plugin MapSVG Lite code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin Ultimate Member code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
PT-2025-24453
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The vulnerability resides within the System component of the Android operating system, stemming from improper control of code generation. Remote attackers can potentially execute arbitrary...
CVE-2025-2421
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...
The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models
The rapid advancement of Large Language Models (LLMs) has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite these potential benefits, LLMs have been shown to generate insecure code in...
SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories
This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...
CVE-2025-23251
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...
CVE-2025-23251
CVE-2025-23251 (NVIDIA NeMo Framework) involves a code-generation control weakness that could allow remote code execution, with potential data tampering. Multiple sources (NVD, NVIDIA security bulletin, Red Hat, PT Security) confirm the flaw and its impact, describing an attacker who could execut...
GraphAttack: Exploiting Representational Blindspots in LLM Safety Mechanisms
Large Language Models (LLMs) have been equipped with safety mechanisms to prevent harmful outputs, but these guardrails can often be bypassed through "jailbreak" prompts. This paper introduces a novel graph-based approach to systematically generate jailbreak prompts through semantic transformations...
CVE-2025-29705
code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control, allowing anyone to access such projects...
code-gen security vulnerability
code-gen is a code generation tool by the individual developer tanghc. A security vulnerability exists in code-gen 2.0.6 and earlier versions, which stems from a lack of privilege control and could lead to arbitrary access...