The Surface You Test Is Not the Surface That Breaks
Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...
LiteLLM Security Vulnerability
LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as...
EUVD-2026-16478
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out...
EUVD-2025-13062
Malicious code in bioql PyPI...
EUVD-2024-31707
Malicious code in bioql PyPI...
EUVD-2024-1292
Malicious code in bioql PyPI...
PT-2025-18649 · Nvidia · Nvidia Tensorrt-Llm +1
Name of the Vulnerable Software and Affected Versions: NVIDIA TensorRT-LLM (affected versions not specified); NVIDIA vGPU software (affected versions not specified)
Description: The issue concerns a data validation problem in the python executor of NVIDIA TensorRT-LLM, which can be exploited by an...
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code by injecting a crafted payload into the template field...
GHSA-793V-GXFP-9Q9H Spacy-LLM Server-Side Template Injection (SSTI) vulnerability
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code by injecting a crafted payload into the template field...
CVE-2025-25362
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code by injecting a crafted payload into the template field...
PT-2024-23313 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified)
Description: The issue is due to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the logo filename parameter in the...
wafl-llm (>=0.0.80 <=0.1.0) potentially affected by unknown CVE via torchserve (=0.7.1)
torchserve PyPI version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted:
- wafl-llm >=0.0.80, <=0.1.0
Source CVEs: unknown CVE
Source advisory: OSV:GHSA-4MQG-H5JF-J9M7...