Lucene search
K

685 matches found

CVE
CVE
added 2026/03/20 3:13 a.m.9 views

CVE-2026-32114

Discourse (open‑source discussion platform) contains an Insecure Direct Object Reference (IDOR) vulnerability. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, any authenticated user can access metadata about AI personas, features, and LLM models by supplying their identifiers. This m...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 3:13 a.m.2 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 9:16 a.m.5 views

CVE-2026-27068

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through = 8.2.6...

7.1CVSS0.00145EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/19 12:0 a.m.13 views

Measuring and Exploiting Confirmation Bias in LLM-Assisted Security Code Review

Security code reviews increasingly rely on systems integrating Large Language Models LLMs, ranging from interactive assistants to autonomous agents in CI/CD pipelines. We study whether confirmation bias i.e., the tendency to favor interpretations that align with prior expectations affects LLM-bas...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.2 views

Security Assessment and Mitigation Strategies for Large Language Models: A Comprehensive Defensive Framework

Large Language Models increasingly power critical infrastructure from healthcare to finance, yet their vulnerability to adversarial manipulation threatens system integrity and user safety. Despite growing deployment, no comprehensive comparative security assessment exists across major LLM...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.8 views

PISmith: Reinforcement Learning-Based Red Teaming for Prompt Injection Defenses

Prompt injection poses serious security risks to real-world LLM applications, particularly autonomous agents. Although many defenses have been proposed, their robustness against adaptive attacks remains insufficiently evaluated, potentially creating a false sense of security. In this work, we...

5.7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/12 5:16 p.m.5 views

CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

7.8CVSS5.9AI score0.00177EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.37 views

The Attack and Defense Landscape of Agentic AI: A Comprehensive Survey

AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.8 views

VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering

As Large Vision-Language Models LVLMs are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

FalconEYE 2.1.0

FalconEYE represents a paradigm shift in static code analysis. Instead of relying on predefined vulnerability patterns, it leverages large language models to reason about your code the same way a security expert would, understanding context, intent, and subtle security implications that tradition...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation

Large Language Models LLMs show promise for Automated Program Repair APR, yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patchesacross 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...

5.9AI score
Exploits0
CVE
CVE
added 2026/03/09 9:1 p.m.14 views

CVE-2026-25960

Summary of CVE-2026-25960 (vLLM) : The SSRF protection added in 0.15.1 (fix tied to CVE-2026-24779) can be bypassed in vLLM’s load_from_url_async due to inconsistent URL parsing between the validation layer (urllib3.util.parse_url) and the HTTP client (aiohttp with yarl). The vulnerability arises...

9.8CVSS5.8AI score0.00485EPSS
Exploits1References8Affected Software1
The Hacker News
The Hacker News
added 2026/03/06 3:11 p.m.10 views

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence AI-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.5 views

SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection

Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/04 12:0 a.m.5 views

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/03 12:0 a.m.31 views

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning ML has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/02 12:5 p.m.10 views

LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.3 views

Can LLMs Hack Enterprise Networks? -- Replicated Computational Results (RCR) Report

This is the Replicated Computational Results RCR Report for the paper "Can LLMs Hack Enterprise Networks?" The paper empirically investigates the efficacy and effectiveness of different LLMs for penetration-testing enterprise networks, i.e., Microsoft Active Directory Assumed-Breach Simulations...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.37 views

ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense

Large language models LLMs are increasingly being deployed as software engineering agents that autonomously contribute to repositories. A major benefit these agents present is their ability to find and patch security vulnerabilities in the codebases they oversee. To estimate the capability of...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.3 views

Jailbreaking Embodied LLMs Via Action-Level Manipulation

Embodied Large Language Models LLMs enable AI agents to interact with the physical world through natural language instructions and actions. However, beyond the language-level risks inherent to LLMs themselves, embodied LLMs with real-world actuation introduce a new vulnerability: instructions tha...

5.9AI score
Exploits0
Rows per page
Query Builder