Lucene search
+L

126 matches found

Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.28 views

Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks

Retrieval-Augmented Generation RAG significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the deleteapikeyroute endpoint, which did not verify the ownership of the...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 12:31 p.m.4 views

EUVD-2025-208825

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

8CVSS5.8AI score0.00344EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/18 12:31 p.m.9 views

EUVD-2026-12813

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...

6.3CVSS5.8AI score0.00232EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 11:8 a.m.3 views

CVE-2025-41258

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

8CVSS5.8AI score0.00344EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/18 11:8 a.m.8 views

CVE-2025-41258 LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

8CVSS5.8AI score0.00344EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.12 views

PT-2026-26053

🟠 CVE-2025-41258 - High LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API. https://t.co/MJXOI2sVrJ https://t.co/WsKiIkw0M2...

8CVSS5.8AI score0.00344EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/16 6:32 p.m.23 views

EUVD-2026-12454

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...

5.8AI score0.00277EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.13 views

LibreChat RAG API 安全漏洞

LibreChat RAG API is an open-source interface service for building retrieval-enhanced generation capabilities in LibreChat. Version 0.7.0 of the LibreChat RAG API contains a security vulnerability, which stems from log injection, potentially allowing attackers to forge log entries...

7.5CVSS6AI score0.00277EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.8 views

SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection

Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/24 6:25 p.m.187 views

ai-security-toolkit

...

5.9AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/02/24 12:0 a.m.46 views

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/02/16 12:30 p.m.10 views

EUVD-2026-6091

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

7.5CVSS5.1AI score0.00477EPSS
Exploits2References10
NVD
NVD
added 2026/02/16 12:16 p.m.7 views

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

7.5CVSS0.0031EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/16 12:2 p.m.6 views

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

5CVSS5.1AI score0.0031EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/16 12:2 p.m.4 views

CVE-2026-2555 JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

5CVSS5.1AI score0.0031EPSS
Exploits1References5
NVD
NVD
added 2026/02/07 9:15 p.m.10 views

CVE-2026-2111

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...

5.3CVSS0.00517EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/07 8:32 p.m.10 views

EUVD-2026-5716

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...

5.3CVSS5.1AI score0.00517EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/07 8:32 p.m.6 views

CVE-2026-2111 JeecgBoot Retrieval-Augmented Generation edit path traversal

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...

5.3CVSS5.2AI score0.00517EPSS
Exploits1References4
CVE
CVE
added 2026/02/07 8:32 p.m.23 views

CVE-2026-2111

JeecgBoot

5.3CVSS4.9AI score0.00517EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder