Lucene search
+L

688 matches found

Spring Security Advisories
Spring Security Advisories
added 2024/09/26 12:0 a.m.17 views

AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part I)

Introduction In this two-parts blog post, I will discuss the modifications I made to Spring Petclinic to incorporate an AI assistant that allows users to interact with the application using natural language. Introduction to Spring Petclinic Spring Petclinic serves as the primary reference...

6.4AI score
Exploits0
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.5 views

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2, which results in a denial of service due to improper handling of user-supplied input to the "/api/v1/get-upload-file" api endpoint...

7.5CVSS6.3AI score0.13893EPSS
Exploits0References2
Securelist
Securelist
added 2024/08/12 10:0 a.m.15 views

Indirect prompt injection in the real world: how people manipulate neural networks

What is prompt injection? Large language models LLMs – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document...

7.9AI score
Exploits0
0day.today
0day.today
added 2024/08/08 12:0 a.m.215 views

Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability

Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...

6.1CVSS7AI score0.00657EPSS
Exploits3
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.6 views

lunary 访问控制错误漏洞

lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary that stems from improper access control and can be exploited by an attacker to change the name of an organization...

5.3CVSS6.8AI score0.00407EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/06/15 7:49 a.m.20 views

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models LLMs using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission DPC. The company expressed disappointment at...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.9 views

ChuanhuChatGPT Path Traversal Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from a path traversal vulnerability that stems from the use of an outdated gradio component that is susceptible to path traversal attacks...

9.8CVSS6.8AI score0.03757EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.7 views

Lunary 安全漏洞

Lunary is lunary open source a production toolkit for LLM. Lunary has an authorization issue vulnerability that stems from the lack of proper authorization checks in the dataset deletion end node, which can be exploited by an attacker to delete any dataset...

7.5CVSS6.8AI score0.00484EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.8 views

Number withdrawn

Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...

6.8AI score
Exploits0References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.4 views

ChuanhuChatGPT Information Disclosure Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from an information disclosure vulnerability that stems from a timing attack vulnerability in the password comparison logic...

7.5CVSS6.4AI score0.01411EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

ChuanhuChatGPT Access Control Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. ChuanhuChatGPT suffers from an access control error vulnerability that stems from an improper access control mechanism...

6.5CVSS6.8AI score0.00503EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

Lunary 安全漏洞

lunary is lunary open source a production toolkit for LLM . An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...

8.1CVSS6.8AI score0.00494EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/06/03 12:0 a.m.6 views

The vulnerability of Ollama’s system for running and managing large language models (LLMs) lies in its reliance on reverse DNS resolution for IP addresses. This allows attackers to perform DNS Rebinding attacks or cause service failures.

The vulnerability of Ollama’s system for running and managing large language models is related to the use of reverse DNS resolution for IP addresses. Exploiting this vulnerability could allow a remote attacker to perform a DNS Rebinding attack or cause a service failure...

10CVSS6.6AI score0.00334EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.7 views

编号撤回

Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...

6.8AI score
Exploits0References3
Akamai Blog
Akamai Blog
added 2024/04/24 1:0 p.m.3 views

Getting Started with LLMs: Managing Data Collection

...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

编号撤回

Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...

6.8AI score
Exploits0References4
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.6 views

编号撤回

Lunary is a production toolkit for LLMs from lunary open source. This CVE number has been withdrawn...

6.8AI score
Exploits0References3
The Hacker News
The Hacker News
added 2024/02/26 10:29 a.m.36 views

Three Tips to Protect Your Secrets from AI Accidents

Last year, the Open Worldwide Application Security Project OWASP published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models,...

8.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/07 12:4 p.m.12 views

Teaching LLMs to Be Deceptive

Interesting research: "Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training": Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given th...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 12:9 p.m.17 views

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...

6.9AI score
Exploits0
Rows per page
Query Builder