Low Rank Comes with Low Security: Gradient Assembly Poisoning Attacks against Distributed LoRA-Based LLM Systems
Low-Rank Adaptation (LoRA) has become a popular solution for fine-tuning large language models (LLMs) in federated settings, dramatically reducing update costs by introducing trainable low-rank matrices. However, when integrated with frameworks like FedIT, LoRA introduces a critical vulnerability:...
EUVD-2025-23371
Malicious code in bioql PyPI...
CVE-2025-45150
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request...
CVE-2025-45150
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request...
LangChain-ChatGLM-Webui security vulnerability
LangChain-ChatGLM-Webui is an open-source AI tool from X-D Lab for automated question answering against a local knowledge base. A security vulnerability exists in LangChain-ChatGLM-Webui version ef829, which stems from insecure permissions that allow an attacker to view and download sensitive files via a special...
CVE-2025-45150
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request...
PT-2025-31654 · Unknown · Langchain-Chatglm-Webui
Name of the Vulnerable Software and Affected Versions: LangChain-ChatGLM-Webui commit ef829
Description: An insecure permissions issue in LangChain-ChatGLM-Webui commit ef829 allows attackers to view and download sensitive files by submitting a crafted request.
Recommendations: Address the insecu...