Lucene search
K

269 matches found

Microsoft Secure
Microsoft Secure
added 2026/03/12 2:0 p.m.6 views

Detecting and analyzing prompt abuse in AI tools

This second post in our AI Application Security series is all about moving from planning to practice. AI Application Series 1: Security considerations when adopting AI tools established how AI adoption expands the attack surface and our threat-modelling guidance on the Microsoft security blog...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/11 4:33 p.m.5 views

DRUPAL-CONTRIB-2026-028

The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.6 views

AttriGuard: Defeating Indirect Prompt Injection in LLM Agents Via Causal Attribution of Tool Invocations

LLM agents are highly vulnerable to Indirect Prompt Injection IPI, where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination problem, which often fails to generalize to unseen payloads. We...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.5 views

CLIOPATRA: Extracting Private Information from LLM Insights

As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.6 views

PT-2026-24113

vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load from url async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

7.1CVSS6.3AI score0.00528EPSS
Exploits2References5
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.3 views

OpenAnt LLM-Based Vulnerability Discovery

OpenAnt from Knostic is an open source LLM-based vulnerability discovery product that helps defenders proactively find verified security flaws while minimizing both false positives and false negatives. Stage 1 detects. Stage 2 attacks. What survives is real...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.5 views

Targeted Bit-Flip Attacks on LLM-Based Agents

Targeted bit-flip attacks BFAs exploit hardware faults to manipulate model parameters, posing a significant security threat. While prior work targets single-step inference models e.g., image classifiers, LLM-based agents with multi-stage pipelines and external tools present new attack surfaces,...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.11 views

SUSE CVE-2026-25802

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

7.6CVSS5.8AI score0.00222EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/02/27 12:0 a.m.4 views

Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

Jailbreak techniques for large language models LLMs evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY JBF, a system that addresses this gap via a...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.6 views

CVE-2026-25802

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing...

7.6CVSS5.4AI score0.00222EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/02/24 6:25 p.m.175 views

ai-security-toolkit

...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/02/24 12:42 a.m.22 views

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

7.6CVSS0.00222EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.14 views

ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing

It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/21 12:0 a.m.4 views

LLM Scalability Risk for Agentic-AI and Model Supply Chain Security

Large Language Models LLMs & Generative AI are transforming cybersecurity, enabling both advanced defenses and new attacks. Organizations now use LLMs for threat detection, code review, and DevSecOps automation, while adversaries leverage them to produce malwares and run targeted social-engineeri...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/20 5:10 p.m.197 views

Kestrel

Kestrel LLM-Assisted Bug Bounty Hunting Platform for Kali L...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/18 10:42 p.m.20 views

OpenClaw: Unsanitized CWD path injection into LLM prompts

Overview OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example newlines or Unicode bidi/zero-width markers, those...

8.6CVSS5.5AI score0.00205EPSS
Exploits0References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/17 12:0 a.m.6 views

Can Adversarial Code Comments Fool AI Security Reviewers -- Large-Scale Empirical Study of Comment-Based Attacks and Defenses against LLM Code Analysis

AI-assisted code review is widely used to detect vulnerabilities before production release. Prior work shows that adversarial prompt manipulation can degrade large language model LLM performance in code generation. We test whether similar comment-based manipulation misleads LLMs during...

5.7AI score
Exploits0
OSV
OSV
added 2026/02/13 9:4 p.m.3 views

GHSA-W5CR-2QHR-JQC5 Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS6AI score
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.5 views

VulReaD: Knowledge-Graph-Guided Software Vulnerability Reasoning and Detection

Software vulnerability detection SVD is a critical challenge in modern systems. Large language models LLMs offer natural-language explanations alongside predictions, but most work focuses on binary evaluation, and explanations often lack semantic consistency with Common Weakness Enumeration CWE...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.11 views

LLM-FS: Zero-Shot Feature Selection for Effective and Interpretable Malware Detection

Feature selection FS remains essential for building accurate and interpretable detection models, particularly in high-dimensional malware datasets. Conventional FS methods such as Extra Trees, Variance Threshold, Tree-based models, Chi-Squared tests, ANOVA, Random Selection, and Sequential...

5.6AI score
Exploits0
Rows per page
Query Builder