Lucene search
K

627 matches found

Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.44 views

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.37 views

The Surface You Test Is Not the Surface That Breaks

Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.21 views

An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations

Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model LLM agent systems report strong results on isolat...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/24 3:36 p.m.13 views

Malicious Package

Overview llm-context-compressor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/23 9:34 a.m.11 views

MAL-2026-4484 Malicious code in ask-my-llm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9429d8e8e36f3d97c246ce408491ea570ab5d3f5e7cb2481a3c2ea4b7c8477b8 index.js requires childprocess and contains hardcoded POST calls to https://cows.info.gf at lines 67 and 100, alongside references to process.env at...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 12:0 a.m.15 views

Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References7
OSV
OSV
added 2026/05/23 12:0 a.m.15 views

MAL-2026-4278 Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References7
Cvelist
Cvelist
added 2026/05/21 8:34 p.m.38 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS0.00653EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:34 p.m.9 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References8
OSV
OSV
added 2026/05/21 8:34 p.m.4 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.7CVSS7.3AI score0.00653EPSS
Exploits2References14
Vulnrichment
Vulnrichment
added 2026/05/21 8:33 p.m.11 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References8
EUVD
EUVD
added 2026/05/21 8:33 p.m.12 views

EUVD-2026-31346

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References7
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References1
NVD
NVD
added 2026/05/20 4:16 a.m.21 views

CVE-2026-24163

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

9.8CVSS0.00594EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 4:16 a.m.25 views

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00468EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 3:3 a.m.12 views

CVE-2026-24163

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 3:3 a.m.13 views

CVE-2026-24163

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 3:1 a.m.9 views

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

5.5CVSS5.8AI score0.00468EPSS
Exploits0References4
Rows per page
Query Builder