594 matches found
EUVD-2026-35112
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...
llm-endpoint-vulnerability-poc
LLM Endpoint Vulnerability PoC A proof-of-concept for exposin...
CVE-2025-33255
NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...
CVE-2026-24142
NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
CVE-2026-24160
NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-5627
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
CVE-2026-42271
A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...
@byside/llm (>=0.1.0 <=0.1.1), agentic-control (=1.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=1.1.0)
ai-sdk-ollama NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @byside/llm =0.1.0, =0.1.1 - agentic-control =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
PT-2026-45209
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...
Exploit for SQL Injection in Litellm
CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...
Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety
Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...
R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge
The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...
The Surface You Test Is Not the Surface That Breaks
Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...
An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations
Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model LLM agent systems report strong results on isolat...
Malicious Package
Overview llm-context-compressor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2026-4484 Malicious code in ask-my-llm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9429d8e8e36f3d97c246ce408491ea570ab5d3f5e7cb2481a3c2ea4b7c8477b8 index.js requires childprocess and contains hardcoded POST calls to https://cows.info.gf at lines 67 and 100, alongside references to process.env at...
Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4278 Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...