102 matches found
CVE-2025-63872
DeepSeek V3.2 is affected by an XSS vulnerability that allows JavaScript execution through model-generated SVG content. The CVE-2025-63872 entry notes a network-based vulnerability with low exploit complexity and requiring user interaction , resulting in a Medium (6.1) base score per CVSS 3.1. Mu...
Evaluating LLMs for One-Shot Patching of Real and Artificial Vulnerabilities
Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models LLMs present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using publicly disclosed vulnerabilities, leaving their...
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
New research from CrowdStrike has revealed that DeepSeek's artificial intelligence AI reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing...
TASO: Jailbreak LLMs Via Alternative Template and Suffix Optimization
Many recent studies showed that LLMs are vulnerable to jailbreak attacks, where an attacker can perturb the input of an LLM to induce it to generate an output for a harmful question. In general, existing jailbreak techniques either optimize a semantic template intended to induce the LLM to produc...
ReVul-CoT: Towards Effective Software Vulnerability Assessment with Retrieval-Augmented Generation and Chain-Of-Thought Prompting
Context: Software Vulnerability Assessment SVA plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models LLMs have recently shown remarkable potential in SVA, they still face two major...
Black-Box Guardrail Reverse-Engineering Attack
Large language models LLMs increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...
Chatbots Are Pushing Sanctioned Russian Propaganda
ChatGPT, Gemini, DeepSeek, and Grok are serving users propaganda from Russian-backed media when asked about the invasion of Ukraine, new research finds...
EUVD-2025-26507
Malicious code in bioql PyPI...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek...
PT-2025-35720
Name of the Vulnerable Software and Affected Versions: DeepSeek versions R1 through V3.1 Description: DeepSeek versions R1 through V3.1 are susceptible to Cross-Site Scripting XSS, allowing for the execution of JavaScript in the context of the run-html-chat.deepseeksvc.com domain. Some sources...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
CVE-2025-26210
DeepSeek R1 through V3.1 are affected by a Cross-Site Scripting (XSS) vulnerability described as enabling JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. The CVE-2025-26210 entry explicitly states XSS for versions R1–V3.1; third-party sources note that this behavi...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
DeepSeek R1 安全漏洞
DeepSeek R1 is a large language modeling and AI technology platform from China-based DeepSeek. A security vulnerability exists in DeepSeek R1 V3.1 and earlier versions, which stems from the unspecified input field is vulnerable to cross-site scripting attacks and could lead to the execution of...
Malicious code in deepseek-r1-webgpu (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41550 Malicious code in deepseek-r1-webgpu (npm)
--- -= Per source details. Do not edit below this line.=-...
Toxic trend: Another malware threat targets DeepSeek
Introduction DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to...