Lucene search
K

269 matches found

Vulnrichment
Vulnrichment
added 2026/05/04 4:57 p.m.7 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.3AI score0.00144EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.6 views

QASecClaw: A Multi-Agent LLM Approach for False Positive Reduction in Static Application Security Testing

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real vulnerabilities to be ignored among noisy reports. We present...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/01 12:0 a.m.6 views

Self-Adaptive Multi-Agent LLM-Based Security Pattern Selection for IoT Systems

The adoption of Internet of Things IoT systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence mechanisms are no longer limited to detection alone b...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/29 11:3 p.m.9 views

CVE-2026-42208

A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model LLM API route...

9.8CVSS5.7AI score0.86607EPSS
Exploits7References5
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.5 views

MARD: A Multi-Agent Framework for Robust Android Malware Detection

With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models LLMs...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.13 views

Large Language Models As Explainable Cyberattack Detectors for Energy Industrial Control Systems

In modern energy systems, industrial control systems ICS and power-system SCADA require intrusion detection that is not only accurate but also auditable by operators. The ICS intrusion-detection landscape is currently dominated by established supervised detectors. In this paper, we study whether ...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.20 views

Dynamic Cyber Ranges

As LLM-driven agents advance in cybersecurity, Jeopardy CTF benchmarks are approaching saturation and cyber ranges, the natural next evaluation frontier, offer diminishing resistance under their current static design. We validate this observation by deploying an LLM-driven Advanced Persistent...

5.3AI score
Exploits0
NVD
NVD
added 2026/04/26 6:16 a.m.12 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS0.0018EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.5 views

Semantic Denial of Service in LLM-Controlled Robots

Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases 1-5 tokens into a robots audio channel, an adversary can trigger the models safety reasoning to halt or disrupt...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.19 views

UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks

Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.9 views

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service DoS risks, Automatic Exploit Generation AEG systems suffer from semantic blindness, and Large Language Model LLM agents face safety alignment filters and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.23 views

Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps

We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model LLM agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/18 12:46 a.m.2 views

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...

9.8CVSS6.3AI score0.00464EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.6 views

HarmChip: Evaluating Hardware Security Centric LLM Safety Via Jailbreak Benchmarking

The integration of large language models LLMs into electronic design automation EDA workflows has introduced powerful capabilities for RTL generation, verification, and design optimization, but also raises critical security concerns. Malicious LLM outputs in this domain pose hardware-level threat...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.3 views

ADAM: A Systematic Data Extraction Attack on Agent Memory Via Adaptive Querying

Large Language Model LLM agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation RAG mechanisms, enabling them to...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:45 p.m.3 views

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

9.6CVSS6.2AI score0.00419EPSS
Exploits1References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.2 views

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain

Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/08 1:53 a.m.132 views

LLMtary

LLMtary Elementary — AI-Powered Penetration Testing Platform...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.2 views

SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training

The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.18 views

VulGD: A LLM-Powered Dynamic Open-Access Vulnerability Graph Database

Software vulnerabilities continue to pose significant threats to modern information systems, requiring a timely and accurate risk assessment. Public repositories, such as the National Vulnerability Database and CVE details, are regularly updated, but predominantly utilize relational data models...

5.9AI score
Exploits0
Rows per page
Query Builder