Lucene search
+L

102 matches found

cve
cve
added 2025/12/02 12:0 a.m.11 views

CVE-2025-63872

DeepSeek V3.2 is affected by an XSS vulnerability that allows JavaScript execution through model-generated SVG content. The CVE-2025-63872 entry notes a network-based vulnerability with low exploit complexity and requiring user interaction , resulting in a Medium (6.1) base score per CVSS 3.1. Mu...

6.1CVSS6AI score0.00218EPSS
Exploits1References1Affected Software1
packetstormnews
packetstormnews
added 2025/11/28 12:0 a.m.6 views

Evaluating LLMs for One-Shot Patching of Real and Artificial Vulnerabilities

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models LLMs present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using publicly disclosed vulnerabilities, leaving their...

7.4AI score
Exploits0
thn
thn
added 2025/11/24 11:7 a.m.6 views

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

New research from CrowdStrike has revealed that DeepSeek's artificial intelligence AI reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/11/23 12:0 a.m.14 views

TASO: Jailbreak LLMs Via Alternative Template and Suffix Optimization

Many recent studies showed that LLMs are vulnerable to jailbreak attacks, where an attacker can perturb the input of an LLM to induce it to generate an output for a harmful question. In general, existing jailbreak techniques either optimize a semantic template intended to induce the LLM to produc...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/11/21 12:0 a.m.7 views

ReVul-CoT: Towards Effective Software Vulnerability Assessment with Retrieval-Augmented Generation and Chain-Of-Thought Prompting

Context: Software Vulnerability Assessment SVA plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models LLMs have recently shown remarkable potential in SVA, they still face two major...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/11/06 12:0 a.m.8 views

Black-Box Guardrail Reverse-Engineering Attack

Large language models LLMs increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...

7.3AI score
Exploits0
wired
wired
added 2025/10/27 9:0 a.m.3 views

Chatbots Are Pushing Sanctioned Russian Propaganda

ChatGPT, Gemini, DeepSeek, and Grok are serving users propaganda from Russian-backed media when asked about the invasion of Ukraine, new research finds...

7AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26507

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.0054EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/09/05 12:34 a.m.11 views

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

8.8CVSS7.1AI score0.0054EPSS
Exploits1References1
osv
osv
added 2025/09/03 2:15 p.m.6 views

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

8.8CVSS5.9AI score0.0054EPSS
Exploits1References3
nvd
nvd
added 2025/09/03 2:15 p.m.7 views

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

8.8CVSS0.0054EPSS
Exploits1References3
thn
thn
added 2025/09/03 11:45 a.m.9 views

Detecting Data Leaks Before Disaster

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek...

6.9AI score
Exploits0
ptsecurity
ptsecurity
added 2025/09/03 12:0 a.m.9 views

PT-2025-35720

Name of the Vulnerable Software and Affected Versions: DeepSeek versions R1 through V3.1 Description: DeepSeek versions R1 through V3.1 are susceptible to Cross-Site Scripting XSS, allowing for the execution of JavaScript in the context of the run-html-chat.deepseeksvc.com domain. Some sources...

8.8CVSS5.7AI score0.0054EPSS
Exploits1References11
cvelist
cvelist
added 2025/09/03 12:0 a.m.21 views

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

0.0054EPSS
Exploits1References3
cve
cve
added 2025/09/03 12:0 a.m.35 views

CVE-2025-26210

DeepSeek R1 through V3.1 are affected by a Cross-Site Scripting (XSS) vulnerability described as enabling JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. The CVE-2025-26210 entry explicitly states XSS for versions R1–V3.1; third-party sources note that this behavi...

8.8CVSS6.5AI score0.0054EPSS
Exploits1References3Affected Software3
vulnrichment
vulnrichment
added 2025/09/03 12:0 a.m.4 views

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

6.5AI score0.0054EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/09/03 12:0 a.m.8 views

DeepSeek R1 安全漏洞

DeepSeek R1 is a large language modeling and AI technology platform from China-based DeepSeek. A security vulnerability exists in DeepSeek R1 V3.1 and earlier versions, which stems from the unspecified input field is vulnerable to cross-site scripting attacks and could lead to the execution of...

8.8CVSS6.3AI score0.0054EPSS
Exploits1References5
ossf
ossf
added 2025/08/28 7:25 a.m.4 views

Malicious code in deepseek-r1-webgpu (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/08/28 7:25 a.m.3 views

MAL-2025-41550 Malicious code in deepseek-r1-webgpu (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
securelist
securelist
added 2025/06/11 10:0 a.m.25 views

Toxic trend: Another malware threat targets DeepSeek

Introduction DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to...

7.1AI score
Exploits0
Rows per page
Query Builder