Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without...

CVE-2026-43995

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

EUVD-2025-21457

Malicious code in bioql PyPI...

CVE-2025-50819

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 when parsing the the topic.yml file in the generation logic in dailyarxiv.py...

CVE-2025-50819

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 when parsing the the topic.yml file in the generation logic in dailyarxiv.py...

arxiv-daily 路径遍历漏洞

arxiv-daily is an automated paper updater for OMAR Individual Developers. A security vulnerability exists in arxiv-daily version 2025-05-06, which stems from a directory traversal vulnerability when parsing the topic.yml file...

PT-2025-29568 · Unknown · Beiyuouo Arxiv-Daily

Name of the Vulnerable Software and Affected Versions: beiyuouo arxiv-daily versions through 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 Description: A directory traversal vulnerability exists when parsing the topic.yml file in the generation logic within daily arxiv.py...

CVE-2025-50819

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 when parsing the the topic.yml file in the generation logic in dailyarxiv.py...

CVE-2025-50819

CVE-2025-50819 affects beiyuouo arxiv-daily prior to 2025-05-06. The vulnerability is a directory traversal in the parsing of topic.yml in daily_arxiv.py (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687). Impact is described as HIGH with local exploitation and high integrity/availability impact. ...

CVE-2025-50819

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 when parsing the the topic.yml file in the generation logic in dailyarxiv.py...

Expected Behavior Violation

Overview llama-index-readers-papers is a llama-index readers papers integration Affected versions of this package are vulnerable to Expected Behavior Violation via the ArxivReader process. An attacker can cause data loss by uploading papers with identical titles but different contents, resulting ...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex 0.12.22.post1 and earlier versions, which stems from an MD5 hash conflict when generating filenames in the ArxivReader class, which could lead to data loss...

CVE-2024-12392

A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVE-2024-10986

GPT Academic version 3.83 is vulnerable to a Local File Read LFI vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...

The vulnerability of the data loading function from the arxiv scientific article archive in the GPT Academic machine learning application allows a hacker to perform an SSRF attack.

The vulnerability of the data loading function in the arxiv scientific article application for machine learning GPT Academic is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +249 more potentially affected by CVE-2023-39631 via langchain (>=0.0.100 <=0.0.306)

langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.0.40 and more Source cves: CVE-2023-39631 Source advisory: OSV:GHSA-F73W-4M7G-CH9X...