548 matches found
The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models
The rapid advancement of Large Language Models (LLMs) has enhanced software development processes, minimizing the time and effort required for coding and improving developer productivity. However, despite their potential benefits, LLMs have been shown to generate insecure code in...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 1.3.0, which stems from a clickjacking vulnerability in the default settings that could lead to unauthorized operations...
The Automation Advantage in AI Red Teaming
This paper analyzes Large Language Model (LLM) security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal that automated approaches significantly outperform manual techniques (69.5% vs 47.6% success rate), despite...
Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report
As transformer-based large language models LLMs increasingly permeate society, they have revolutionized domains such as software engineering, creative writing, and digital arts. However, their adoption in cybersecurity remains limited due to challenges like scarcity of specialized training data a...
SAGE: a Generic Framework for LLM Safety Evaluation
Whitepaper called SAGE: A Generic Framework For LLM Safety Evaluation...
Leveraging LLM to Strengthen ML-Based Cross-Site Scripting Detection
According to the Open Web Application Security Project OWASP, Cross-Site Scripting XSS is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed various techniques to protect systems from XSS attacks, with...
ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications
Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...
Automating Function-Level TARA for Automotive Full-Lifecycle Security
As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...
SUSE CVE-2025-31363
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream, which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira...
Automated Static Vulnerability Detection Via a Holistic Neuro-Symbolic Approach
Static vulnerability detection is still a challenging problem and demands excessive human effort, e.g., manual curation of good vulnerability patterns. None of the prior works, including classic program analysis or Large Language Model (LLM)-based approaches, has fully automated such vulnerability...
BadApex: Backdoor Attack Based on Adaptive Optimization Mechanism of Black-Box Large Language Models
Previous insertion-based and paraphrase-based backdoors have achieved great success in attack efficacy, but they ignore the text quality and semantic consistency between poisoned and clean texts. Although recent studies introduce LLMs to generate poisoned texts and improve the stealthiness,...
GraphAttack: Exploiting Representational Blindspots in LLM Safety Mechanisms
Large Language Models LLMs have been equipped with safety mechanisms to prevent harmful outputs, but these guardrails can often be bypassed through "jailbreak" prompts. This paper introduces a novel graph-based approach to systematically generate jailbreak prompts through semantic transformations...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability. The vulnerability stems from insufficiently restricted LLM request domains. An attacker can exploit the vulnerability to perform prompt injecti...
OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
As Ethereum continues to thrive, the Ethereum Virtual Machine EVM has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...
Prompt Engineering Techniques with Spring AI
This blog post demonstrates practical implementations of Prompt Engineering techniques using Spring AI. The examples and patterns in this article are based on the comprehensive Prompt Engineering Guide that covers the theory, principles, and patterns of effective prompt engineering. The blog show...
CVE number withdrawn
vLLM is an open source high-throughput and memory-efficient inference and serving engine for LLMs from vLLM. This CVE number has been withdrawn...
CVE number withdrawn
Ollama is a large language model that can be started and run locally, from Ollama Open Source. This CVE number has been withdrawn...
CVE number withdrawn
vLLM is an open source high-throughput and memory-efficient inference and serving engine for LLMs from vLLM. This CVE number has been withdrawn...
CVE number withdrawn
Ollama is a large language model that can be started and run locally, from Ollama Open Source. This CVE number has been withdrawn...
Lunary access control error vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. Lunary suffers from an access control error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint lacking proper access control, which can be exploited by an attacker to obtain sensitive information...