Lucene search
K

569 matches found

CNNVD
CNNVD
added 2024/09/13 12:0 a.m.6 views

Lunary 访问控制错误漏洞

lunary is lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...

6.5CVSS6.8AI score0.0044EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.9 views

PT-2024-29974 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561 Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The data pointer member in this structure is unsafe, allowing for arbitrary address reading...

9.8CVSS6.9AI score0.00603EPSS
Exploits1References17
Veracode
Veracode
added 2024/08/09 8:25 a.m.15 views

Cross Site Scripting (XSS)

openwebui is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to the language model executing arbitrary JavaScript as a result of a maliciously crafted prompt...

6.3CVSS6.6AI score0.0062EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/08 12:31 a.m.26 views

Open WebUI Stored Cross-Site Scripting Vulnerability

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

6.3CVSS6.7AI score0.0062EPSS
Exploits3References3Affected Software1
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.583 views

Open WebUI 0.1.105 Persistent Cross Site Scripting

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...

6.3CVSS7.1AI score0.0062EPSS
Exploits3
CVE
CVE
added 2024/08/07 11:1 p.m.64 views

CVE-2024-6706

Open WebUI stores Cross-Site Scripting (XSS) vulnerability CVE-2024-6706 in version 0.1.105 on Debian 12. The issue arises when a malicious prompt coerces the language model into executing arbitrary JavaScript in the context of the web page. Connected advisories (KL-001-2024-005; GHSA-5JP3-WP5V-5...

6.3CVSS6.6AI score0.0062EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2024/07/01 6:25 p.m.34 views

CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

6.1CVSS5.8AI score0.00405EPSS
Exploits1References4
NVD
NVD
added 2024/07/01 4:15 p.m.38 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

7.5CVSS0.01761EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.4 views

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...

9.8CVSS8.9AI score0.00875EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/06/24 3:3 p.m.45 views

Google Introduces Project Naptime for AI-Powered Vulnerability Research

Google has developed a new framework called Project Naptime that it says enables a large language model LLM to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...

8.3AI score
Exploits0
CNVD
CNVD
added 2024/06/11 12:0 a.m.1 views

Lunary Improper Access Control Vulnerability

lunary is lunary open source a production toolkit for LLM . An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...

8.1CVSS6.9AI score0.00494EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.6 views

Lunary Security Breach

Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.2.13, which stems from inadequate access control...

8.1CVSS6.8AI score0.00431EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.7 views

Lunary 访问控制错误漏洞

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient access control checks and can be exploited by an attacker to update prompt details...

7.6CVSS6.8AI score0.00312EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

Lunary 访问控制错误漏洞

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS6.5AI score0.00298EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

LoLLMs Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A command injection vulnerability exists in LoLLMs that stems from a remote code execution vulnerability in the reinstallbinding function in...

9CVSS8.7AI score0.00662EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

lunary 安全漏洞

lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary. An attacker can exploit this vulnerability to obtain sensitive information...

9.1CVSS6.1AI score0.00637EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.8 views

LangChain 安全漏洞

LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain that originates from allowing an attacker to generate a malicious payload for the parser via LLM, thereby compromising the availability of the service...

5.9CVSS5.8AI score0.0077EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2024/03/13 10:14 a.m.31 views

Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats

Google's Gemini large language model LLM is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Goog...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/07 12:0 p.m.18 views

How Public AI Can Strengthen Democracy

With the worlds focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But were learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/03/04 12:30 a.m.37 views

LangChain directory traversal vulnerability

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...

8.1CVSS7.9AI score0.0174EPSS
Exploits1References8Affected Software2
Rows per page
Query Builder