Lucene search
K

569 matches found

CVE
CVE
added 2026/05/20 2:58 a.m.20 views

CVE-2025-33255

Summary: CVE-2025-33255 affects NVIDIA TensorRT-LLM (any platform) via an MPI server deserialization vulnerability. The impact described across sources includes code execution, denial of service, data tampering, and information disclosure. The NVIDIA security bulletin specifies remediation by upd...

9.8CVSS5.8AI score0.00566EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.14 views

Speed Kills: Exploring Confused Deputy Attacks through Edge AI Accelerators

AI Accelerator AIA are specialized hardware e.g., Tensor Processing Unit TPU, that enable optimal and efficient execution of AI applications and on-device inference. The growing demand for AI applications has led to the widespread adoption of AIAs on Edge or embedded devices on Edge or embedded...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.30 views

SUSE CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

5.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.28 views

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code understanding, but reliable detection still requires grounding ...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.95 views

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

6.4AI score
Exploits0
Cvelist
Cvelist
added 2026/05/12 7:58 p.m.43 views

CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

vLLM is an inference and serving engine for large language models LLMs. From 0.18.0 to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The...

6.5CVSS0.00367EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 6:30 p.m.10 views

GHSA-G76P-4VG5-F4QH llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29559

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

6.3AI score0.00327EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.14 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/12 6:16 p.m.11 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS0.00409EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 6:16 p.m.7 views

UBUNTU-CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/12 6:16 p.m.11 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:25 p.m.6 views

CVE-2026-43992

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

LLM 安全漏洞

LLM is a multi-model large language model command-line interaction tool developed by Simon Willison. Versions of LLM 0.27.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of the --functions command-line parameter to directly execute unsafe code using the exe...

9.8CVSS6.1AI score0.00327EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/12 12:0 a.m.13 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.12 views

Iterative Audit Convergence in LLM-Managed Multi-Agent Systems: A Case Study in Prompt Engineering Quality Assurance

Prompt specifications for multi-agent large language model LLM systems carry data contracts and integration logic across many interdependent files but are rarely subjected to structured-inspection rigor. This paper reports a single-system empirical case study of iterative, agent-driven auditing...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-P58C-Q354-6C4F pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 4:17 p.m.11 views

EUVD-2026-21376

LiteLLM has a sandbox escape in custom-code guardrail...

8.8CVSS5.8AI score0.06496EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/05/11 2:35 p.m.11 views

CVE-2026-7817 pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.10 views

CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder