
688 matches found

HackRead · added 2024/07/05 4:17 p.m. · 13 views

OpenAI Kept Mum About Hack of Sensitive AI Research

Security breach potentially exposed internal secrets at AI research firm OpenAI after hackers accessed discussions on sensitive AI…

AI score: 7.2
Exploits: 0

Positive Technologies · added 2024/07/05 12:0 a.m. · 2 views

PT-2024-28930 · Openai · Openai Chatgpt

Name of the Vulnerable Software and Affected Versions: OpenAI ChatGPT app versions prior to 2024-07-05 for macOS

Description: The issue concerns the OpenAI ChatGPT app for macOS, which opts out of the sandbox and stores conversations in cleartext in a location accessible to other apps. This could...

CVSS: 2.3 · AI score: 7 · EPSS: 0.00015
Exploits: 0 · References: 7

Cvelist · added 2024/07/01 3:53 p.m. · 30 views

CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS: 7.5 · EPSS: 0.58318
Exploits: 3 · References: 2

Positive Technologies · added 2024/07/01 12:0 a.m. · 4 views

PT-2024-26988

Name of the Vulnerable Software and Affected Versions: Flowise version 1.4.3

Description: The issue concerns a lack of sanitization of the fileName body parameter in the "/api/v1/openai-assistants-file" endpoint, which is located in the index.ts file. This lack of sanitization leads to an arbitrary...

CVSS: 8.7 · AI score: 7.2 · EPSS: 0.58318
Exploits: 3 · References: 10

CNNVD · added 2024/07/01 12:0 a.m. · 3 views

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from a lack of cleanup of the fileName parameter, leaving /api/v1/openai-assistants-file in index.ts vulnerable to arbitrary file read attacks...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.58318
Exploits: 3 · References: 3

OSSF Malicious Packages · added 2024/06/25 1:31 p.m. · 2 views

Malicious code in TheOpenAI.API (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0 · References: 1

OSSF Malicious Packages · added 2024/06/25 1:30 p.m. · 2 views

Malicious code in OpenAI-Core (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0

OSV · added 2024/06/25 1:30 p.m. · 5 views

MAL-2024-4602 Malicious code in OpenAI-Core (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0

OSV · added 2024/06/25 1:30 p.m. · 4 views

MAL-2024-4605 Malicious code in Opеո.AI.Core (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0

OSSF Malicious Packages · added 2024/06/25 1:30 p.m. · 2 views

Malicious code in OpеnАI (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0

OSV · added 2024/06/25 1:30 p.m. · 3 views

MAL-2024-4604 Malicious code in OpеnАI (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0

Schneier on Security · added 2024/06/24 11:4 a.m. · 9 views

Paul Nakasone Joins OpenAI’s Board of Directors

Former NSA Director Paul Nakasone has joined the board of OpenAI...

AI score: 7.3
Exploits: 0

CNNVD · added 2024/06/06 12:0 a.m. · 11 views

LiteLLM Input Validation Error Vulnerability

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from an input validation error vulnerability that stems from an improper input validation issue with the /audio/transcriptions API, resulting in vulnerability to arbitrary file...

CVSS: 8.1 · AI score: 7 · EPSS: 0.00057
Exploits: 1 · References: 2

CNNVD · added 2024/06/05 12:0 a.m. · 1 view

EmailGPT Security Vulnerabilities

EmailGPT is a Google Chrome extension by individual developer Nasrullah in Singapore that helps users compose emails in Gmail using OpenAI's GPT-3.5 model. A security vulnerability exists in EmailGPT that stems from the inclusion of a prompt injection vulnerability...

CVSS: 9.1 · AI score: 7 · EPSS: 0.00107
Exploits: 0 · References: 2

The Hacker News · added 2024/05/31 8:11 a.m. · 19 views

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity...

AI score: 6.8
Exploits: 0

CNNVD · added 2024/05/29 12:0 a.m. · 1 view

HAWKI Cross-Site Scripting Vulnerability

HAWKI is a university teaching interface based on the OpenAI API by the HAWK Digital Environments team in Germany. HAWKI suffers from a cross-site scripting vulnerability that stems from the application not changing the session token when using the login or logout function, leading to a takeover ...

CVSS: 7.3 · AI score: 6.1 · EPSS: 0.00223
Exploits: 1 · References: 3

CNNVD · added 2024/05/29 12:0 a.m. · 1 view

HAWKI Cross-Site Scripting Vulnerability

HAWKI is a university teaching interface based on the OpenAI API by the HAWK Digital Environments team in Germany. HAWKI has a security vulnerability that stems from a path traversal vulnerability due to not properly filtering POST parameters. An attacker can exploit the vulnerability to overwrit...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00149
Exploits: 1 · References: 4

Packet Storm · added 2024/05/28 12:0 a.m. · 368 views

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

SEC Consult Vulnerability Lab Security Advisory
title: Multiple vulnerabilities
product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany
vulnerable version: 1.0.0-beta.1,...

AI score: 7.4 · EPSS: 0.00475
Exploits: 1

OSV · added 2024/05/25 3:15 a.m. · 3 views

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00195
Exploits: 0 · References: 3

NVD · added 2024/05/25 3:15 a.m. · 16 views

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

CVSS: 5.3 · AI score: 5.5 · EPSS: 0.00195
Exploits: 0 · References: 3