Lucene search

689 matches found

EUVD
added 2025/12/23 8:41 a.m., 2 views

EUVD-2025-204780

Malicious code in lanchain-openai (PyPI)...

6.6 AI score
Exploits: 0, References: 1

GithubExploit
added 2025/12/18 2:57 a.m., 143 views

Exploit for CVE-2025-61260

OpenAI Codex CLI Vuln...

7 AI score, 0.00051 EPSS
Exploits: 1

Packet Storm News
added 2025/12/18 12:0 a.m., 8 views

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models (LLMs) are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

7.2 AI score
Exploits: 0

CNNVD
added 2025/12/14 12:0 a.m., 2 views

One Hub security vulnerability

One Hub is an OpenAI interface management and distribution system for Buer individual developers. A security vulnerability exists in One Hub version 0.14.27 and earlier, which stems from the use of a hard-coded key for the parameter SESSIONSECRET in the docker-compose.yml file, which could lead t...

6.3 CVSS, 4.8 AI score, 0.0004 EPSS
Exploits: 0, References: 7

NVD
added 2025/12/06 5:16 a.m., 1 view

CVE-2025-13922

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existing_terms_orderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5 CVSS, 0.00029 EPSS
Exploits: 0, References: 5

CVE
added 2025/12/06 4:37 a.m., 12 views

CVE-2025-13922

CVE-2025-13922 affects Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (WordPress plugin). Time-based blind SQL Injection via the existing_terms_orderby parameter in the AI preview AJAX endpoint allows authenticated contributors (with AI metabox permissions) to append SQL queries,...

6.5 CVSS, 6.2 AI score, 0.00029 EPSS
Exploits: 0, References: 5

Cvelist
added 2025/12/06 4:37 a.m., 14 views

CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existing_terms_orderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5 CVSS, 0.00029 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/12/04 3:36 p.m., 4 views

CVE-2025-13359

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...

6.5 CVSS, 6.6 AI score, 0.00028 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/03 2:15 p.m., 1 view

CVE-2025-13354

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3 CVSS, 5.9 AI score
Exploits: 0, References: 2

NVD
added 2025/12/03 2:15 p.m., 2 views

CVE-2025-13354

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3 CVSS, 0.00036 EPSS
Exploits: 0, References: 2

EUVD
added 2025/12/03 1:52 p.m., 3 views

EUVD-2025-200977

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...

6.5 CVSS, 6.1 AI score, 0.00028 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/12/03 1:52 p.m., 2 views

CVE-2025-13354 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3 CVSS, 5.6 AI score, 0.00036 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/12/03 12:0 a.m., 4 views

PT-2025-48808

Name of the Vulnerable Software and Affected Versions: Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.40.1. Description: The software is susceptible to a time-based SQL Injection issue via the getTermsForAjax function. This is a result of...

6.5 CVSS, 7.2 AI score, 0.00028 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2025/12/01 12:0 a.m., 3 views

PT-2025-48450

Name of the Vulnerable Software and Affected Versions: OpenAI Codex CLI versions prior to 0.23.0. Description: The OpenAI Codex CLI is susceptible to a command injection flaw stemming from how it processes project-local configuration files. Attackers can exploit this by placing malicious configurati...

9.8 CVSS, 7.4 AI score, 0.00051 EPSS
Exploits: 1, References: 22

Packet Storm News
added 2025/11/28 12:0 a.m., 2 views

Evaluating LLMs for One-Shot Patching of Real and Artificial Vulnerabilities

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models (LLMs) present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using publicly disclosed vulnerabilities, leaving their...

7.4 AI score
Exploits: 0

HackRead
added 2025/11/27 12:19 p.m., 1 view

OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…...

7 AI score
Exploits: 0

Wallarm Lab
added 2025/11/26 12:0 p.m., 5 views

When your AI Assistant Becomes the Attacker’s Command-and-Control

Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malwar...

7.5 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/25 12:16 a.m., 3 views

Malicious code in @voiceflow/openai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a608e865dea4b33cde3e1730149f8122e44d2e8caf9147cefe48b581cce6fc53 The package @voiceflow/openai was found to contain malicious code. Source: google-open-source-security...

6.9 AI score
Exploits: 0, References: 3

EUVD
added 2025/11/25 12:16 a.m., 1 view

EUVD-2025-199399

Malicious code in @voiceflow/openai (npm)...

6.6 AI score
Exploits: 0, References: 3

OSV
added 2025/11/25 12:16 a.m., 1 view

MAL-2025-191363 Malicious code in @voiceflow/openai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a608e865dea4b33cde3e1730149f8122e44d2e8caf9147cefe48b581cce6fc53 The package @voiceflow/openai was found to contain malicious code. Source: google-open-source-security...

6.8 AI score
Exploits: 0, References: 3