Lucene search
K

270 matches found

SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.5 views

SUSE CVE-2025-31363

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira...

6.5CVSS4.2AI score0.00247EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/04/23 12:0 a.m.3 views

Automated Static Vulnerability Detection Via a Holistic Neuro-Symbolic Approach

Static vulnerability detection is still a challenging problem and demands excessive human efforts, e.g., manual curation of good vulnerability patterns. None of prior works, including classic program analysis or Large Language Model LLM-based approaches, have fully automated such vulnerability...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/20 12:0 a.m.6 views

BadApex: Backdoor Attack Based on Adaptive Optimization Mechanism of Black-Box Large Language Models

Previous insertion-based and paraphrase-based backdoors have achieved great success in attack efficacy, but they ignore the text quality and semantic consistency between poisoned and clean texts. Although recent studies introduce LLMs to generate poisoned texts and improve the stealthiness,...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability. The vulnerability stems from an under-restricted LLM request domain. An attacker can exploit the vulnerability to perform prompt injecti...

6.5CVSS4AI score0.00247EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/16 12:0 a.m.7 views

OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine

As Ethereum continues to thrive, the Ethereum Virtual Machine EVM has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...

7.3AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/04/14 12:0 a.m.13 views

Prompt Engineering Techniques with Spring AI

This blog post demonstrates practical implementations of Prompt Engineering techniques using Spring AI. The examples and patterns in this article are based on the comprehensive Prompt Engineering Guide that covers the theory, principles, and patterns of effective prompt engineering. The blog show...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

编号撤回

vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...

7.6AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Lunary 授权问题漏洞

lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the checklists.post endpoint not being properly privilege-validated and can be exploited by an attacker to cause unauthorized creation or modification of checklists...

7.1CVSS6.8AI score0.0051EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

编号撤回

vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. This CVE number has been withdrawn...

5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.9 views

Lunary 访问控制错误漏洞

Lunary is Lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint without proper access control, which can be exploited by an attacker to obtain sensitive information...

9.8CVSS9.2AI score0.00748EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

Lunary 安全漏洞

Lunary is Lunary open source a production toolkit for LLM . Lunary afc5df4 version of a security vulnerability , the vulnerability stems from a flaw in the permission checking mechanism , an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2
PyPA
PyPA
added 2025/03/10 2:15 p.m.9 views

PYSEC-2025-22

A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting th...

9.8CVSS7.8AI score0.00952EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.10 views

Flowise 代码问题漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 2.2.6 that stems from the presence of an arbitrary file upload issue...

9.8CVSS6.7AI score0.50789EPSS
Exploits1References2
Schneier on Security
Schneier on Security
added 2025/02/20 12:1 p.m.5 views

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

LLM-As-Chatbot 安全漏洞

LLM-As-Chatbot is a chatbot service by the individual developer Chansung Park. A security vulnerability exists in LLM-As-Chatbot that originates from the execution of arbitrary code via the modelsbyom.py component...

8.8CVSS7.4AI score0.00835EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/24 12:0 a.m.5 views

The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to deficiencies in access control, allows attackers to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and enhance their privileges...

8.5CVSS7.2AI score0.00469EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.2 views

Lunary 信息泄露漏洞

lunary is lunary open source a production toolkit for LLM . lunary has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

9.1CVSS6.1AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

vLLM 安全漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in vLLM version 0.5.4, which stems from the fact that a completion API request with a null prompt will cause the vLLM API server to crash, resulting in a denial of...

7.5CVSS7.3AI score0.00676EPSS
Exploits0References5
OSV
OSV
added 2024/07/01 6:25 p.m.34 views

CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

6.1CVSS5.8AI score0.00405EPSS
Exploits1References4
NVD
NVD
added 2024/07/01 4:15 p.m.38 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

7.5CVSS0.01761EPSS
Exploits3References2
Rows per page
Query Builder