Lucene search
K

592 matches found

Cvelist
Cvelist
added 2026/06/30 12:54 p.m.31 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:54 p.m.5 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53876

Name of the Vulnerable Software and Affected Versions LLaMA-Factory versions prior to 0.9.6 Description Remote code execution is possible via the WebUI Chat and Training interfaces. The application fails to validate user-supplied model paths before passing them to the AutoTokenizer.from pretraine...

9.8CVSS6.5AI score0.00497EPSS
Exploits2References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-393 Unsafe yaml deserialization in llama-hub

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS7.7AI score0.01192EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-396 llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS8.1AI score0.02862EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.12 views

PYSEC-2026-397 llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

9.8CVSS7.6AI score0.00951EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-398 llama-index-packs-finchat SQL Injection vulnerability

A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...

10CVSS8AI score0.01311EPSS
Exploits1References7
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56062

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39716

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.42 views

CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56062

The CVE identifies an unauthenticated SQL injection in the WordPress Quotes llama plugin, affecting versions up to and including 3.1.5. The vulnerability arises in Quotes llama’s handling of input data, allowing unauthenticated attackers to potentially execute SQL commands. The CVSS base score is...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.19 views

Beyond Pass/Fail: Using Process Mining to Understand How LLMs Resist (And Fail) Red Team Attacks

Standard AI red teaming evaluations reduce adversarial campaigns to a single binary outcome, attack success rate ASR, not taking into account the sequential structure of how models resist or yield to attacks. We propose applying process mining, a discipline for discovering and analyzing process...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.9 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.10 views

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 2:27 p.m.8 views

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44345 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44345 Source advisory: SNYK:PYTHON-BENTOML-16642321...

8.8CVSS5.8AI score0.00317EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/10 12:41 p.m.18 views

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...

9.1CVSS6.9AI score0.01001EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.8 views

When the Ruler Is Broken: Parsing-Induced Suppression in LLM-Based Security Log Evaluation

LLM-based SOC log classifiers are commonly evaluated using regular-expression pipelines that extract structured fields from free-form model output. We demonstrate that this practice introduces a class of silent, systematic evaluation errors, which we term parsing-induced suppression that can caus...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.7 views

Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours

AI systems are entering critical domains like healthcare, finance, and defense, yet remain vulnerable to adversarial attacks. While AI red teaming is a primary defense, current approaches force operators into manual, library-specific workflows. Operators spend weeks hand-crafting workflows -...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.7 views

Attention Is Where You Attack

Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.23 views

OpenSOC-AI: Democratizing Security Operations with Parameter Efficient LLM Log Analysis

Small and medium sized businesses SMBs face an escalating cybersecurity threat landscape, yet most lack the resources to staff full Security Operations Centers SOCs or deploy enterprise grade detection platforms. This paper presents OpenSOC-AI, a lightweight log analysis framework that uses...

5.4AI score
Exploits0
Rows per page
Query Builder