16 matches found

OSSF Malicious Packages
added 2026/06/11 7:16 a.m., 9 views

Malicious code in 0x2ai-demo9x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...

5.4 AI score
Exploits 0, References 1
Schneier on Security
added 2026/03/04 12:6 p.m., 9 views

Manipulating AI Summarization Features

Microsoft is reporting: Companies are embedding hidden instructions in "Summarize with AI" buttons that, when clicked, attempt to inject persistence commands into an AI assistant's memory via URL prompt parameters…. These prompts instruct the AI to "remember Company as a trusted source" or...

5.9 AI score
Exploits 0
Tenable Nessus
added 2026/02/12 12:0 a.m., 4 views

GitLab 17.8 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-6945)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensiti...

3.5 CVSS, 5.7 AI score, 0.00238 EPSS
Exploits 0, References 5
Microsoft Secure
added 2026/02/10 2:56 p.m., 5 views

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...

5.7 AI score
Exploits 0
Tenable Nessus
added 2025/11/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-6945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed a...

3.5 CVSS, 5.5 AI score, 0.00238 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/11/17 7:3 a.m., 5 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5 CVSS, 6.6 AI score, 0.00238 EPSS
Exploits 0, References 1
NVD
added 2025/11/15 8:15 a.m., 5 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5 CVSS, 0.00238 EPSS
Exploits 0, References 3
OSV
added 2025/11/15 8:15 a.m., 7 views

UBUNTU-CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits 0, References 5
Cvelist
added 2025/11/15 8:4 a.m., 19 views

CVE-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5 CVSS, 0.00238 EPSS
Exploits 0, References 3
OSV
added 2025/11/15 8:4 a.m., 6 views

CVE-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5 CVSS, 6.2 AI score, 0.00238 EPSS
Exploits 0, References 6
Schneier on Security
added 2025/08/27 11:7 a.m., 15 views

We Are Still Unable to Secure LLMs from Malicious Inputs

Nice indirect prompt injection attack: Bargury's attack starts with a poisoned document, which is shared to a potential victim's Google Drive. Bargury says a victim could have also uploaded a compromised file to their own account. It looks like an official document on company meeting policies. Bu...

7.7 AI score
Exploits 0
Malwarebytes
added 2025/08/25 5:39 p.m., 4 views

AI browsers could leave users penniless: A prompt injection warning

Artificial Intelligence (AI) browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called "prompt injection." Large language models (LLMs)—like the ones that power AI chatbots including ChatGPT, Claude, and Gemini—are designed to follow...

7.4 AI score
Exploits 0
The Hacker News
added 2025/08/25 12:17 p.m., 25 views

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn't just a matter of firewalls and patches—it's about strategy. The strongest...

10 CVSS, 9.9 AI score, 0.9951 EPSS
Exploits 20
Packet Storm News
added 2025/08/25 12:0 a.m., 3 views

Prompt-In-Content Attacks: Exploiting Uploaded Inputs to Hijack LLM Behavior

Large Language Models (LLMs) are widely deployed in applications that accept user-submitted content, such as uploaded documents or pasted text, for tasks like summarization and question answering. In this paper, we identify a new class of attacks, prompt in content injection, where adversarial...

6.9 AI score
Exploits 0
Schneier on Security
added 2025/07/07 11:20 a.m., 5 views

Hiding Prompt Injections in Academic Papers

Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan's Waseda University, South Korea's KAIST, China's Peking University and the National University of Singapore, as wel...

7.5 AI score
Exploits 0
CNNVD
added 2024/08/06 12:0 a.m., 2 views

Mozilla Multiple Products Security Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in a number of Mozilla products, whic...

8.1 CVSS, 6.6 AI score, 0.00492 EPSS
Exploits 0, References 9