Lucene search
K

1535 matches found

Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56259

Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.17 through 4.15.0-beta3 Description An authenticated tenant user can call the 'POST /api/core/dataset/collection/create/reTrainingCollection' endpoint to persist a datasetId value belonging to another tenant. This results...

6.3CVSS6.1AI score0.00246EPSS
Exploits0References9
NVD
NVD
added 2026/06/30 1:19 p.m.10 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/30 12:54 p.m.7 views

EUVD-2026-40311

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
Imperva Blog
Imperva Blog
added 2026/06/30 9:25 a.m.8 views

AI Agents Are Visiting Your Website. Which Ones Should You Trust?

The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked a website, and consumed the content directly from the source. But AI is changing that model. Increasingly, users ask AI assistants for answers instead...

5.9AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-291 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-568 vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object

vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recvobject deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...

9.8CVSS7.4AI score
Exploits0References8
EUVD
EUVD
added 2026/06/26 8:34 p.m.14 views

EUVD-2026-37516

Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication...

9.3CVSS5.8AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:34 p.m.5 views

GHSA-F65R-H4G3-3H9H Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-48797

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

9.3CVSS0.00324EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 11:35 p.m.24 views

CVE-2026-48797 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

9.3CVSS0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 11:35 p.m.28 views

CVE-2026-48797

Backpropagate is a Python library for fine-tuning LLMs on a single GPU. In versions 1.1.0 and 1.1.1, the Reflex web UI exposes a training control plane without authentication, allowing dataset upload, model load, training control, multi-run orchestration, GGUF export, and HuggingFace Hub push. Th...

9.3CVSS5.5AI score0.00324EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/16 6:24 a.m.116 views

Exploit for CVE-2026-20262

cve-id ⚡ Simple Usage Use this project only in safe and...

8.7CVSS8.6AI score0.07683EPSS
Exploits15
GithubExploit
GithubExploit
added 2026/06/15 9:35 a.m.80 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.20 views

RAT: Reference-Augmented Training for ASV Anti-Spoofing

We introduce a spoofing countermeasure architecture conditioned on speaker-reference recordings, but observe that it converges to a solution that effectively ignores the reference during inference. Surprisingly, training with a reference channel induces invariance that improves deepfake detection...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.18 views

Securing Code Understanding: Detecting Natural Backdoor Vulnerability in Code Language Models

Code Language Models CodeLMs have become integral to software engineering, significantly advancing code intelligence tasks. However, their widespread adoption has raised critical security concerns, particularly regarding susceptibility to backdoor attacks. Recent studies have uncovered naturally...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/07 9:39 a.m.96 views

secure-software-development

Secure Software Development — Notes & Exercise Writeups Perso...

7.2CVSS8.1AI score0.83524EPSS
Exploits82
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-5387

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer Administrator roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, an...

9.3CVSS5.4AI score0.00388EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/04 3:10 p.m.18 views

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that ...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/04 2:33 p.m.71 views

SmartMES-Range

SmartMES Attack-Defense Drill Site The Smart Manufacturing En...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/02 1:2 a.m.75 views

Metasploit-Simulation-lab

🛡️ Metasploit Simulation Lab — Ethical Hacking Training !alt...

5.8AI score
Exploits0
Rows per page
Query Builder