flair 安全漏洞

Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...

CVE-2026-25802

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing...

ai-security-toolkit

...

CVE-2026-25802

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

EUVD-2026-7452

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing

It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...

How Exposed Endpoints Increase Risk Across LLM Infrastructure

As more organizations run their own Large Language Models LLMs, they are also deploying more internal services and Application Programming Interfaces APIs to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that...

FuzzySQL: Uncovering Hidden Vulnerabilities in DBMS Special Features with LLM-Driven Fuzzing

Traditional database fuzzing techniques primarily focus on syntactic correctness and general SQL structures, leaving critical yet obscure DBMS features, such as system-level modes e.g., GTID, programmatic constructs e.g., PROCEDURE, advanced process commands e.g., KILL, largely underexplored...

Evaluating the Reliability of Digital Forensic Evidence Discovered by Large Language Model: A Case Study

The growing reliance on AI-identified digital evidence raises significant concerns about its reliability, particularly as large language models LLMs are increasingly integrated into forensic investigations. This paper proposes a structured framework that automates forensic artifact extraction,...

LLM Scalability Risk for Agentic-AI and Model Supply Chain Security

Large Language Models LLMs & Generative AI are transforming cybersecurity, enabling both advanced defenses and new attacks. Organizations now use LLMs for threat detection, code review, and DevSecOps automation, while adversaries leverage them to produce malwares and run targeted social-engineeri...

Kestrel

Kestrel LLM-Assisted Bug Bounty Hunting Platform for Kali L...

Automatic, Expressive, and Scalable Fuzzing with Stitching

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test. Approaches that instead explore new sequences dynamically lack the...

Meta patents AI that could keep you posting from beyond the grave

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...

OpenClaw: Unsanitized CWD path injection into LLM prompts

Overview OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example newlines or Unicode bidi/zero-width markers, those...

Can Adversarial Code Comments Fool AI Security Reviewers -- Large-Scale Empirical Study of Comment-Based Attacks and Defenses against LLM Code Analysis

AI-assisted code review is widely used to detect vulnerabilities before production release. Prior work shows that adversarial prompt manipulation can degrade large language model LLM performance in code generation. We test whether similar comment-based manipulation misleads LLMs during...

GHSA-W5CR-2QHR-JQC5 Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents

Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...

In-Context Autonomous Network Incident Response: An End-To-End Large Language Model Agent Approach

Rapidly evolving cyberattacks demand incident response systems that can autonomously learn and adapt to changing threats. Prior work has extensively explored the reinforcement learning approach, which involves learning response strategies through extensive simulation of the incident. While this...

MalTool: Malicious Tool Attacks on LLM Agents

In a malicious tool attack, an attacker uploads a malicious tool to a distribution platform; once a user installs the tool and the LLM agent selects it during task execution, the tool can compromise the user's security and privacy. Prior work primarily focuses on manipulating tool names and...