270 matches found
SUSE CVE-2025-31363
Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira...
Automated Static Vulnerability Detection Via a Holistic Neuro-Symbolic Approach
Static vulnerability detection is still a challenging problem and demands excessive human efforts, e.g., manual curation of good vulnerability patterns. None of prior works, including classic program analysis or Large Language Model LLM-based approaches, have fully automated such vulnerability...
BadApex: Backdoor Attack Based on Adaptive Optimization Mechanism of Black-Box Large Language Models
Previous insertion-based and paraphrase-based backdoors have achieved great success in attack efficacy, but they ignore the text quality and semantic consistency between poisoned and clean texts. Although recent studies introduce LLMs to generate poisoned texts and improve the stealthiness,...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability. The vulnerability stems from an under-restricted LLM request domain. An attacker can exploit the vulnerability to perform prompt injecti...
OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
As Ethereum continues to thrive, the Ethereum Virtual Machine EVM has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...
Prompt Engineering Techniques with Spring AI
This blog post demonstrates practical implementations of Prompt Engineering techniques using Spring AI. The examples and patterns in this article are based on the comprehensive Prompt Engineering Guide that covers the theory, principles, and patterns of effective prompt engineering. The blog show...
编号撤回
vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...
Lunary 授权问题漏洞
lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the checklists.post endpoint not being properly privilege-validated and can be exploited by an attacker to cause unauthorized creation or modification of checklists...
编号撤回
vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...
Lunary 访问控制错误漏洞
Lunary is Lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint without proper access control, which can be exploited by an attacker to obtain sensitive information...
Lunary 安全漏洞
Lunary is Lunary open source a production toolkit for LLM . Lunary afc5df4 version of a security vulnerability , the vulnerability stems from a flaw in the permission checking mechanism , an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...
PYSEC-2025-22
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting th...
Flowise 代码问题漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 2.2.6 that stems from the presence of an arbitrary file upload issue...
An LLM Trained to Create Backdoors in Code
Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...
LLM-As-Chatbot 安全漏洞
LLM-As-Chatbot is a chatbot service by the individual developer Chansung Park. A security vulnerability exists in LLM-As-Chatbot that originates from the execution of arbitrary code via the modelsbyom.py component...
The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to deficiencies in access control, allows attackers to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and enhance their privileges...
Lunary 信息泄露漏洞
lunary is lunary open source a production toolkit for LLM . lunary has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
vLLM 安全漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in vLLM version 0.5.4, which stems from the fact that a completion API request with a null prompt will cause the vLLM API server to crash, resulting in a denial of...
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
CVE-2024-36420
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...