AI SDK 安全漏洞

AI SDK is a TypeScript AI toolkit open-sourced by Vercel. A security vulnerability exists in AI SDK versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta, which stems from the possibility that a user could bypass the file type whitelist to upload a file...

PT-2025-25512 · Letta-Ai · Letta-Ai

Name of the Vulnerable Software and Affected Versions: letta-ai letta versions up to 0.4.1 Description: A critical issue has been found in the function function message of the file letta/letta/interface.py. The manipulation of the argument function name/function args leads to improper...

PT-2025-17188 · Bertha Ai · Bertha Ai

Name of the Vulnerable Software and Affected Versions: BERTHA AI versions 1.12.10.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows for the exploitation of incorrectly configured access control security levels. This enables unauthorized access...

AMD Ryzen™ AI Software Vulnerabilities

AMD ID: AMD-SB-7037 Potential Impact: Refer to the CVE Details section Severity: High Summary AMD Bug Bounty researchers reported four vulnerabilities in AMD Ryzen™ AI Software...

GHSA-PWJQ-FX3V-8F9R Drupal AI Vulnerable to OS Command Injection via Optional Automator Types

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Drupal AI Artificial Intelligence allows OS Command Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.5...

CVE-2024-8998

A Regular Expression Denial of Service ReDoS vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...

PT-2025-12257 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git f07a845 lunary-ai/lunary versions prior to 1.4.26 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the server, which uses the regex /.?/ to match user-controlled strings. In the...

AMD Ryzen™ AI Software

Bulletin ID: AMD-SB-7017 Potential Impact: Arbitrary Code Execution, System Crash Severity: High Summary AMD Ryzen™ AI Software includes the tools and runtime libraries for optimizing and deploying AI inference on AMD Ryzen™ AI powered PCs. Ryzen™ AI software enables applications to run on the...

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has...

Devika 安全漏洞

Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. Devika suffers from a security vulnerability that stems from the presence of a...

Devika Security Breach

Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from the presence of relative path...

CVE-2024-4151

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to...

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesnt happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No,...

Detecting Shoplifting Behavior

This system claims to detect suspicious behavior that indicates shoplifting: Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body languag...