Lucene search
K

594 matches found

EUVD
EUVD
added 2026/06/08 3:31 p.m.11 views

EUVD-2026-35112

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/07 7:26 p.m.103 views

llm-endpoint-vulnerability-poc

LLM Endpoint Vulnerability PoC A proof-of-concept for exposin...

10CVSS7.1AI score0.99999EPSS
Exploits354
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.12 views

CVE-2025-33255

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

9.8CVSS5.5AI score0.00566EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.12 views

CVE-2026-24142

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

9.8CVSS5.6AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS5.4AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

9.1CVSS7.9AI score0.00809EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.14 views

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

8.8CVSS5.8AI score0.80188EPSS
Exploits2References6
vulnersOsv
vulnersOsv
added 2026/06/02 9:0 p.m.8 views

@byside/llm (>=0.1.0 <=0.1.1), agentic-control (=1.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=1.1.0)

ai-sdk-ollama NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @byside/llm =0.1.0, =0.1.1 - agentic-control =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.23 views

PT-2026-45209

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...

3.3CVSS5.5AI score0.00069EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/30 4:51 a.m.141 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...

9.8CVSS6.1AI score0.86607EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.44 views

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.37 views

The Surface You Test Is Not the Surface That Breaks

Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.21 views

An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations

Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model LLM agent systems report strong results on isolat...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/24 3:36 p.m.13 views

Malicious Package

Overview llm-context-compressor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/23 9:34 a.m.11 views

MAL-2026-4484 Malicious code in ask-my-llm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9429d8e8e36f3d97c246ce408491ea570ab5d3f5e7cb2481a3c2ea4b7c8477b8 index.js requires childprocess and contains hardcoded POST calls to https://cows.info.gf at lines 67 and 100, alongside references to process.env at...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 12:0 a.m.15 views

Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References7
OSV
OSV
added 2026/05/23 12:0 a.m.15 views

MAL-2026-4278 Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:34 p.m.9 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References8
OSV
OSV
added 2026/05/21 8:34 p.m.4 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.7CVSS7.3AI score0.00653EPSS
Exploits2References14
Rows per page
Query Builder