CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

593 matches found

Packet Storm News•added 2026/05/21 12:0 a.m.•6 views

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...

5.8AI score

Exploits0

vulnersOsv•added 2026/05/11 9:0 p.m.•6 views

athina (=1.1.0), atlas-mcp (=0.1.0) +7 more potentially affected by unknown CVE via guardrails-ai (>=0.10.0 <=0.8.0)

guardrails-ai PYPI version =0.10.0, =0.1.39, =0.0.0a0, =0.0.1, =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:PYTHON-GUARDRAILSAI-16641086...

5.8AI score

Exploits0

vulnersOsv•added 2026/05/11 2:27 p.m.•5 views

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44345 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44345 Source advisory: SNYK:PYTHON-BENTOML-16642321...

5.8AI score0.00046EPSS

Exploits1

The Hacker News•added 2026/05/10 12:41 p.m.•14 views

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...

9.1CVSS6.9AI score0.00311EPSS

Exploits2

Packet Storm News•added 2026/05/08 12:0 a.m.•3 views

When the Ruler Is Broken: Parsing-Induced Suppression in LLM-Based Security Log Evaluation

LLM-based SOC log classifiers are commonly evaluated using regular-expression pipelines that extract structured fields from free-form model output. We demonstrate that this practice introduces a class of silent, systematic evaluation errors, which we term parsing-induced suppression that can caus...

5.8AI score

Exploits0

Packet Storm News•added 2026/05/05 12:0 a.m.•1 views

Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours

AI systems are entering critical domains like healthcare, finance, and defense, yet remain vulnerable to adversarial attacks. While AI red teaming is a primary defense, current approaches force operators into manual, library-specific workflows. Operators spend weeks hand-crafting workflows -...

5.8AI score

Exploits0

Packet Storm News•added 2026/04/30 12:0 a.m.•1 views

Attention Is Where You Attack

Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...

5.8AI score

Exploits0

Packet Storm News•added 2026/04/28 12:0 a.m.•7 views

OpenSOC-AI: Democratizing Security Operations with Parameter Efficient LLM Log Analysis

Small and medium sized businesses SMBs face an escalating cybersecurity threat landscape, yet most lack the resources to staff full Security Operations Centers SOCs or deploy enterprise grade detection platforms. This paper presents OpenSOC-AI, a lightweight log analysis framework that uses...

5.4AI score

Exploits0

CNNVD•added 2026/04/20 12:0 a.m.•5 views

Serge 安全漏洞

Serge is an open-source web interface for chatting through llama.cpp. Versions of Serge prior to 1.4TB contain security vulnerabilities. These vulnerabilities stem from improper handling of the downloadmodel/deletemodel function in the file api/src/serge/routers/model.py, which may lead to lack o...

6.9CVSS6.6AI score0.00136EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/06 12:34 p.m.•4 views

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

8.6CVSS7AI score0.00351EPSS

Exploits3Affected Software2

vulnersOsv•added 2026/04/03 10:3 p.m.•3 views

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-35043 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-35043 Source advisory: SNYK:PYTHON-BENTOML-15909743...

7.8CVSS5.8AI score0.00029EPSS

Exploits1

SUSE CVE•added 2026/04/02 11:26 p.m.•2 views

SUSE CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.4AI score0.00534EPSS

Exploits2References3

vulnersOsv•added 2026/04/02 6:15 a.m.•0 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +1 more potentially affected by CVE-2026-5320 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-5320 Source advisory: SNYK:PYTHON-VANNA-15873865...

7.5CVSS7.1AI score0.00105EPSS

Exploits0

vulnersOsv•added 2026/04/02 6:15 a.m.•0 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +1 more potentially affected by CVE-2026-5321 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-5321 Source advisory: SNYK:PYTHON-VANNA-15873866...

5.3CVSS5.8AI score0.00006EPSS

Exploits0