685 matches found
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...
lunary Access Control Error Vulnerability
lunary is a production toolkit for LLMs from lunary open source. An access control error vulnerability exists in lunary that stems from improper access control and can be exploited by an attacker to change the name of an organization...
Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at...
ChuanhuChatGPT Access Control Error Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. ChuanhuChatGPT suffers from an access control error vulnerability that stems from an improper access control mechanism...
Lunary Security Vulnerability
Lunary is a production toolkit for LLMs from lunary open source. Lunary has an authorization vulnerability that stems from the lack of proper authorization checks in the dataset deletion endpoint, which can be exploited by an attacker to delete any dataset...
Number withdrawn
Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...
ChuanhuChatGPT Information Disclosure Vulnerability
ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from an information disclosure vulnerability that stems from a timing attack vulnerability in the password comparison logic...
ChuanhuChatGPT Path Traversal Vulnerability
ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from a path traversal vulnerability that stems from the use of an outdated gradio component that is susceptible to path traversal attacks...
Lunary Security Vulnerability
lunary is a production toolkit for LLMs from lunary open source. An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...
The vulnerability of Ollama’s system for running and managing large language models (LLMs) lies in its reliance on reverse DNS resolution for IP addresses. This allows attackers to perform DNS Rebinding attacks or cause service failures.
The vulnerability of Ollama’s system for running and managing large language models is related to the use of reverse DNS resolution for IP addresses. Exploiting this vulnerability could allow a remote attacker to perform a DNS Rebinding attack or cause a service failure...
Number withdrawn
Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...
Getting Started with LLMs: Managing Data Collection
...
Number withdrawn
Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...
Number withdrawn
Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...
Three Tips to Protect Your Secrets from AI Accidents
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models,...
Teaching LLMs to Be Deceptive
Interesting research: "Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training": Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given th...
Chatbots and Human Conversation
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...
AI likely to boost ransomware, warns government body
The British National Cyber Security Centre (NCSC) says it expects Artificial Intelligence (AI) to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...
How AI hallucinations are making bug hunting harder
Bug bounty programs that pay people for finding bugs are a very useful tool for improving the security of software. But with the availability of artificial intelligence (AI) as seen in the popular large language models (LLMs) like ChatGPT, Bard, and others, it looks like there is a new problem on the...
A Robot the Size of the World
In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and the...