Malicious code in openai-realtime-console-plugin (npm)

The package openai-realtime-console-plugin was found to contain malicious code...

com.prototyper.openai-editor-tool (=0.1.3) potentially affected by unknown CVE via com.unity.nuget.newtonsoft-json (=0.0.1-security)

com.unity.nuget.newtonsoft-json NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on com.unity.nuget.newtonsoft-json and may be impacted: - com.prototyper.openai-editor-tool =0.1.3 Source cves: unknown CVE Source advisory:...

The vulnerability of the Azure OpenAI cloud platform, related to insufficient validation of incoming requests, allows a hacker to escalate their privileges.

The vulnerability of the Azure OpenAI cloud platform is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

CVE-2025-53767

Azure OpenAI Elevation of Privilege Vulnerability...

CVE-2025-53767

Azure OpenAI Elevation of Privilege Vulnerability...

CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability

...

CVE-2025-53767

Azure OpenAI CVE-2025-53767 is an elevation-of-privilege vulnerability rated CVSS v3.1 base score 10 (NETWORK, LOW attack complexity, PR NONE, UI NONE, C:H/I:H/A:N, scope CHANGED). It affects Azure OpenAI and can grant elevated rights with no user interaction. Microsoft has published updates via ...

CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability

...

Azure OpenAI Elevation of Privilege Vulnerability

...

KLA86378 PE vulnerabilities in Microsoft Azure

An elevation of privilege vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure OpenAI can be exploited remotely to gain privileges. 2. A...

Microsoft Azure Open AI 代码问题漏洞

Microsoft Azure Open AI is an artificial intelligence service from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Azure Open AI. An attacker can elevate privileges by exploiting the vulnerability...

PT-2025-32313

Name of the Vulnerable Software and Affected Versions: Azure OpenAI affected versions not specified Description: An elevation of privilege issue exists in Azure OpenAI. Successful exploitation could allow an attacker to gain elevated privileges. Recommendations: At the moment, there is no...

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction...

CVE-2025-7725

CVE-2025-7725 affects the WordPress plugin “Contest Gallery – Upload, Vote & Sell with PayPal and Stripe” (and related Photo/Contest Gallery suite). The vulnerability is a Stored Cross-Site Scripting (XSS) in the comment feature present in all versions up to and including 26.1.0, caused by insuff...

CVE-2025-7725 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to...

Malicious code in openai-tsp (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9afad0907413b0e88664cb893d34b71ad10d4a15def77275bc4a654bb21dd7a8 The OpenSSF Package Analysis project identified 'openai-tsp' @ 16.1.0...

MAL-2025-6384 Malicious code in openai-tsp (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9afad0907413b0e88664cb893d34b71ad10d4a15def77275bc4a654bb21dd7a8 The OpenSSF Package Analysis project identified 'openai-tsp' @ 16.1.0...

WordPress AI Engine Information Disclosure Vulnerability

WordPress AI Engine is a plugin based on OpenAI technology, which is mainly used to integrate artificial intelligence features into WordPress websites to improve the efficiency of content generation, automated operations and so on. WordPress AI Engine suffers from an information disclosure...

Malicious Package

Overview openai-fm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...