PT-2025-16414
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Recommendations: At the moment, there is no information about a newer version that contains a...
Xorbits Inference Security Vulnerability
Xorbits Inference is an open source Xorbits tool that can be used with a variety of LLMs. A security vulnerability exists in Xorbits Inference 1.4.1 and earlier versions, which stems from improper handling of the load function in the xinference/thirdparty/cosyvoice/cli/model.py file, which could...
RAID: an In-Training Defense against Attribute Inference Attacks in Recommender Systems
In various networks and mobile applications, users are highly susceptible to attribute inference attacks, with particularly prevalent occurrences in recommender systems. Attackers exploit partially exposed user profiles in recommendation models, such as user embeddings, to infer private attribute...
Growatt Cloud Applications Security Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which originates from an unauthenticated attacker being able to infer the presence of a username on the system...
Concept Enhancement Engineering: a Lightweight and Efficient Robust Defense against Jailbreak Attacks in Embodied AI
Embodied Intelligence (EI) systems integrated with large language models (LLMs) face significant security risks, particularly from jailbreak attacks that manipulate models into generating harmful outputs or executing unsafe physical actions. Traditional defense strategies, such as input filtering and...
CVE-2025-32375
Summary: CVE-2025-32375 affects BentoML prior to version 1.4.8, due to an insecure deserialization in BentoML’s runner server. The vulnerability allows an attacker to craft POST requests with specific headers/parameters to execute arbitrary code on the server, giving initial access and informatio...
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version v1.4.2 of BentoML. It allows any unauthenticated user to execute...
Malicious code in monitor-inference-results (npm)
Source: ghsa-malware 0a81996c10459a5786a55c906eda2f407966455557441d103e3d55c4ab53e1c5. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AIs as Trusted Third Parties
This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...
AI Inference on Akamai Cloud: Enabling Developers to Accelerate Edge Native Applications
...
Why AI Inference is Driving the Shift from Centralized to Distributed Cloud Computing
...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...
CVE Number Withdrawn
vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. This CVE number has been withdrawn...
CVE-2025-29770
CVE-2025-29770 affects vLLM’s guided_decoding outlines backend. The vulnerability arises because outlines_logits_processors.py unconditionally uses outlines’ on-disk grammar cache, enabling a malicious user to send many short decoding requests with unique schemas and exhaust the filesystem, causi...
Applio Path Traversal Vulnerability
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in inference.py, and could lead to the writing of an arbitrary file on the Applio server, or ...
NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability
This vulnerability allows remote attackers to access protected functionality on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the Triton Inference Server. The issue results from the lack of...
The vulnerability of the Model Loading API component in NVIDIA Triton Inference Server (previously known as TensorRT Inference Server) allows a malicious actor to trigger a service failure.
The vulnerability of the Model Loading component of NVIDIA Triton Inference Server (previously known as TensorRT Inference Server) is related to a numerical overflow issue. Exploiting this vulnerability could allow an attacker to cause a service failure...
NVIDIA Triton Inference Server Input Validation Error Vulnerability (CNVD-2025-23137)
NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server has an input validation error vulnerability that can be exploited by attackers to cause a denial of service...
CVE-2025-0503
Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint, which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database...