Lunary security vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. A security vulnerability exists in Lunary version afc5df4 that stems from a flaw in the permission checking mechanism; an attacker can use this vulnerability to gain unauthorized access to sensitive endpoints...
Lunary security vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. An information disclosure vulnerability exists in Lunary that stems from the GET /projects API endpoint exposing all public and private project API keys to users with the least privileges, which an attacker can exploit to obtain...
dify code issue vulnerability
dify is an open source LLM application development platform from LangGenius. A code issue vulnerability exists in dify version 0.10.1 that stems from an unvalidated URL and could lead to a server-side request forgery attack...
Lunary access control error vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. Lunary suffers from an access control error vulnerability that stems from the POST /api/v1/data-warehouse/bigquery endpoint lacking proper access control, which an attacker can exploit to obtain sensitive information...
vLLM security vulnerability
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs from the vLLM open source project. A security vulnerability exists in vLLM that stems from a caching mechanism in the outlines library and could lead to a denial of service by exhausting file system space...
Arbitrary Command Injection
Overview: plotai is a tool to create plots in Python with AI. Affected versions of this package are vulnerable to Arbitrary Command Injection in executor.py due to lack of validation of LLM-generated output. An attacker can supply code which will then be executed with Python's exec function. Remediation...
PYSEC-2025-22
A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. The vendor commented out the vulnerable line; further usage of the software requires uncommenting it and thus accepting th...
Flowise code issue vulnerability
Flowise is an open source tool from FlowiseAI for easily building LLM applications. A security vulnerability exists in Flowise version 2.2.6 that stems from an arbitrary file upload issue...
An LLM Trained to Create Backdoors in Code
Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...
Use of Weak Hash
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a predictable constant value in the Python 3.12 built-in hash function. An attacker can interfere with subsequent...
LLM-As-Chatbot security vulnerability
LLM-As-Chatbot is a chatbot service by the individual developer Chansung Park. A security vulnerability exists in LLM-As-Chatbot that stems from the execution of arbitrary code via the modelsbyom.py component...
The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to deficiencies in access control, allows attackers to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and enhance their privileges...
The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to bypassing authentication using a user-controlled key, allows attackers to influence the integrity and confidentiality of protected information.
The vulnerability of the platform for monitoring, managing, and improving LLM applications involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to influence the integrity and confidentiality of protected information by manipulating the...
Lunary information disclosure vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. Lunary has an information disclosure vulnerability that attackers can exploit to obtain sensitive information...
CVE-2024-48919
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2024-48919
CVE-2024-48919 affects Cursor, an AI-assisted code editor. Prior to 2024-09-27, if a user imported a malicious webpage into Cursor’s Terminal Cmd-K, an attacker controlling that page could influence a language model to emit arbitrary terminal commands when the user opts to include the page conten...
vLLM security vulnerability
vLLM is an open source high-throughput and memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM version 0.5.4 that stems from the fact that a completion API request with a null prompt causes the vLLM API server to crash, resulting in a denial of...
Lunary access control error vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. Lunary suffers from an access control error vulnerability that an attacker can exploit to take over a targeted user's account in any of their organizations...