CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

CVE-2026-2969

CVE-2026-2969 affects datapizza-labs datapizza-ai 0.0.2, specifically the Jinja2 Template Handler’s ChatPromptTemplate in datapizza-ai-core/datapizza/modules/prompt/prompt.py. The vulnerability arises from manipulation of the Prompt argument that leads to improper neutralization of special elemen...

CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

Improper Neutralization of Input Used for LLM Prompting

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting. LLM prompt construction fails to sanitize user-controlled...

PT-2025-50556

Name of the Vulnerable Software and Affected Versions Neuron versions prior to 2.8.12 Description The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...

EUVD-2024-48393

Malicious code in bioql PyPI...

CVE-2025-58370

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

Exploit for CVE-2025-51859

CVE-2025-51859 Vulnerability description Chaindesk, a w...

Mozilla Thunderbird < 115.14

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-38 advisory. - Unexpected marking work at the start of sweeping could have led to a use-after-free. CVE-2024-7527 -...

Indirect Instruction Injection in Multi-Modal LLMs

Interesting research: "Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs": Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding t...