592 matches found
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
CVE-2026-58116
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
PT-2026-53876
Name of the Vulnerable Software and Affected Versions LLaMA-Factory versions prior to 0.9.6 Description Remote code execution is possible via the WebUI Chat and Training interfaces. The application fails to validate user-supplied model paths before passing them to the AutoTokenizer.from pretraine...
PYSEC-2026-393 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
PYSEC-2026-396 llama-index-core Command Injection vulnerability
A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...
PYSEC-2026-397 llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
PYSEC-2026-398 llama-index-packs-finchat SQL Injection vulnerability
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...
CVE-2026-56062
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
EUVD-2026-39716
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
CVE-2026-56062
The CVE identifies an unauthenticated SQL injection in the WordPress Quotes llama plugin, affecting versions up to and including 3.1.5. The vulnerability arises in Quotes llama’s handling of input data, allowing unauthenticated attackers to potentially execute SQL commands. The CVSS base score is...
Beyond Pass/Fail: Using Process Mining to Understand How LLMs Resist (And Fail) Red Team Attacks
Standard AI red teaming evaluations reduce adversarial campaigns to a single binary outcome, attack success rate ASR, not taking into account the sequential structure of how models resist or yield to attacks. We propose applying process mining, a discipline for discovering and analyzing process...
Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography
The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...
Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems
Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44345 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44345 Source advisory: SNYK:PYTHON-BENTOML-16642321...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...
When the Ruler Is Broken: Parsing-Induced Suppression in LLM-Based Security Log Evaluation
LLM-based SOC log classifiers are commonly evaluated using regular-expression pipelines that extract structured fields from free-form model output. We demonstrate that this practice introduces a class of silent, systematic evaluation errors, which we term parsing-induced suppression that can caus...
Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours
AI systems are entering critical domains like healthcare, finance, and defense, yet remain vulnerable to adversarial attacks. While AI red teaming is a primary defense, current approaches force operators into manual, library-specific workflows. Operators spend weeks hand-crafting workflows -...
Attention Is Where You Attack
Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...
OpenSOC-AI: Democratizing Security Operations with Parameter Efficient LLM Log Analysis
Small and medium sized businesses SMBs face an escalating cybersecurity threat landscape, yet most lack the resources to staff full Security Operations Centers SOCs or deploy enterprise grade detection platforms. This paper presents OpenSOC-AI, a lightweight log analysis framework that uses...