569 matches found
Lunary 访问控制错误漏洞
lunary is lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...
PT-2024-29974 · Llama.Cpp · Llama.Cpp
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561 Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The data pointer member in this structure is unsafe, allowing for arbitrary address reading...
Cross Site Scripting (XSS)
openwebui is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to the language model executing arbitrary JavaScript as a result of a maliciously crafted prompt...
Open WebUI Stored Cross-Site Scripting Vulnerability
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...
Open WebUI 0.1.105 Persistent Cross Site Scripting
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...
CVE-2024-6706
Open WebUI stores Cross-Site Scripting (XSS) vulnerability CVE-2024-6706 in version 0.1.105 on Debian 12. The issue arises when a malicious prompt coerces the language model into executing arbitrary JavaScript in the context of the web page. Connected advisories (KL-001-2024-005; GHSA-5JP3-WP5V-5...
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
CVE-2024-36420
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...
vanna Code Injection Vulnerability
Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Google has developed a new framework called Project Naptime that it says enables a large language model LLM to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...
Lunary Improper Access Control Vulnerability
lunary is lunary open source a production toolkit for LLM . An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...
Lunary Security Breach
Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.2.13, which stems from inadequate access control...
Lunary 访问控制错误漏洞
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient access control checks and can be exploited by an attacker to update prompt details...
Lunary 访问控制错误漏洞
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
LoLLMs Command Injection Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A command injection vulnerability exists in LoLLMs that stems from a remote code execution vulnerability in the reinstallbinding function in...
lunary 安全漏洞
lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary. An attacker can exploit this vulnerability to obtain sensitive information...
LangChain 安全漏洞
LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain that originates from allowing an attacker to generate a malicious payload for the parser via LLM, thereby compromising the availability of the service...
Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
Google's Gemini large language model LLM is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Goog...
How Public AI Can Strengthen Democracy
With the worlds focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But were learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
LangChain directory traversal vulnerability
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...