Schneier on Security
added 2025/02/20 12:1 p.m., 5 views

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model (LLM), 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

AI score 7.5
Exploits 0
Snyk
added 2025/02/06 8:0 p.m., 4 views

Use of Weak Hash

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a predictable constant value in the Python 3.12 built-in hash function. An attacker can interfere with subsequent...

CVSS 2.6, AI score 6.9, EPSS 0.00176
Exploits 0, References 2
CNNVD
added 2025/02/06 12:0 a.m., 5 views

LLM-As-Chatbot Security Vulnerability

LLM-As-Chatbot is a chatbot service by the individual developer Chansung Park. A security vulnerability exists in LLM-As-Chatbot that originates from the execution of arbitrary code via the modelsbyom.py component...

CVSS 8.8, AI score 7.4, EPSS 0.00778
Exploits 0, References 1
BDU FSTEC
added 2025/01/24 12:0 a.m., 5 views

The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to deficiencies in access control, allows attackers to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and enhance their privileges...

CVSS 8.5, AI score 7.2, EPSS 0.00469
Exploits 1, References 2, Affected Software 1
BDU FSTEC
added 2024/12/20 12:0 a.m., 3 views

The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to bypassing authentication using a user-controlled key, allows attackers to influence the integrity and confidentiality of protected information.

The vulnerability of the platform for monitoring, managing, and improving LLM applications involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to influence the integrity and confidentiality of protected information by manipulating the...

CVSS 9.4, AI score 8.1, EPSS 0.00477
Exploits 1, References 3, Affected Software 1
CNNVD
added 2024/11/14 12:0 a.m., 2 views

Lunary Information Disclosure Vulnerability

Lunary is an open source production toolkit for LLMs. Lunary has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 9.1, AI score 6.1, EPSS 0.00403
Exploits 0, References 1
NVD
added 2024/10/22 9:15 p.m., 16 views

CVE-2024-48919

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2, EPSS 0.00491
Exploits 0, References 1
CVE
added 2024/10/22 8:58 p.m., 48 views

CVE-2024-48919

CVE-2024-48919 affects Cursor, an AI-assisted code editor. Prior to 2024-09-27, if a user imported a malicious webpage into Cursor’s Terminal Cmd-K, an attacker controlling that page could influence a language model to emit arbitrary terminal commands when the user opts to include the page conten...

CVSS 9.2, AI score 7.4, EPSS 0.00491
Exploits 0, References 1
Vulnrichment
added 2024/10/22 8:58 p.m., 12 views

CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2, AI score 7.8, EPSS 0.00491
Exploits 0, References 1
Cvelist
added 2024/10/22 8:58 p.m., 26 views

CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2, EPSS 0.00491
Exploits 0, References 1
CNNVD
added 2024/09/17 12:0 a.m., 3 views

vLLM Security Vulnerability

vLLM is an open source high-throughput and memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM version 0.5.4, which stems from the fact that a completion API request with a null prompt will cause the vLLM API server to crash, resulting in a denial of...

CVSS 7.5, AI score 7.3, EPSS 0.00676
Exploits 0, References 5
CNNVD
added 2024/09/13 12:0 a.m., 5 views

Lunary Access Control Error Vulnerability

Lunary is an open source production toolkit for LLMs. Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...

CVSS 6.5, AI score 6.8, EPSS 0.0044
Exploits 1, References 3
Positive Technologies
added 2024/08/12 12:0 a.m., 9 views

PT-2024-29974 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561. Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The data pointer member in this structure is unsafe, allowing for arbitrary address reading...

CVSS 9.8, AI score 6.9, EPSS 0.00603
Exploits 1, References 17
Veracode
added 2024/08/09 8:25 a.m., 15 views

Cross Site Scripting (XSS)

openwebui is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the language model executing arbitrary JavaScript as a result of a maliciously crafted prompt...

CVSS 6.3, AI score 6.6, EPSS 0.0062
Exploits 3, References 4, Affected Software 1
Github Security Blog
added 2024/08/08 12:31 a.m., 26 views

Open WebUI Stored Cross-Site Scripting Vulnerability

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

CVSS 6.3, AI score 6.7, EPSS 0.0062
Exploits 3, References 3, Affected Software 1
Packet Storm
added 2024/08/08 12:0 a.m., 581 views

Open WebUI 0.1.105 Persistent Cross Site Scripting

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting. Title: Open WebUI Stored Cross-Site Scripting. Advisory ID: KL-001-2024-005. Publication Date: 2024.08.06. Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt. 1. Vulnerability Details. Affected Vendor: Open WebUI...

CVSS 6.3, AI score 7.1, EPSS 0.0062
Exploits 3
CVE
added 2024/08/07 11:1 p.m., 59 views

CVE-2024-6706

Open WebUI has a stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-6706, in version 0.1.105 on Debian 12. The issue arises when a malicious prompt coerces the language model into executing arbitrary JavaScript in the context of the web page. Connected advisories (KL-001-2024-005; GHSA-5JP3-WP5V-5...

CVSS 6.3, AI score 6.6, EPSS 0.0062
Exploits 3, References 3, Affected Software 1
OSV
added 2024/07/01 6:25 p.m., 33 views

CVE-2024-37146 GHSL-2023-248: Flowise XSS in /api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

CVSS 6.1, AI score 5.8, EPSS 0.00405
Exploits 1, References 4
NVD
added 2024/07/01 4:15 p.m., 28 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5, EPSS 0.01761
Exploits 3, References 2
CNNVD
added 2024/06/27 12:0 a.m., 4 views

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. Vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, allowing an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...

CVSS 9.8, AI score 8.9, EPSS 0.00875
Exploits 0, References 2