Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:20 p.m.โ€ข10 views

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

8.3CVSS7.2AI score0.00233EPSS
Exploits1References1
NVD
NVD
โ€ขadded 2026/04/23 8:16 p.m.โ€ข12 views

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

8.3CVSS0.00233EPSS
Exploits1References1
Snyk
Snyk
โ€ขadded 2026/04/16 9:52 p.m.โ€ข7 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via postCore.ts. An attacker can cause the server to make arbitrary HTTP requests to internal or external systems by injecting malicious prompt templates that...

8.3CVSS5.9AI score0.00233EPSS
Exploits1References2
Positive Technologies
Positive Technologies
โ€ขadded 2026/04/05 12:0 a.m.โ€ข47 views

PT-2026-30458

๐Ÿšจ LIVE HIJACK ALERT โ€” CVE-2026-55555. CVSS 9.3. langchain agents reading tool output as trusted input. attacker returns malicious prompt in tool result. agent executes it as instruction. investigating. ๐Ÿงต...

5.9AI score
Exploits0References1
NVD
NVD
โ€ขadded 2025/09/04 10:42 a.m.โ€ข72 views

CVE-2025-58357

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...

9.6CVSS0.00597EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/07/31 12:0 a.m.โ€ข7 views

MCP Server Prompt Injection

Model Context Protocol MCP Server Prompt Injection occurs when malicious actors use tools response to inject malicious prompts to the calling LLM through the MCP client. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such...

7.8AI score
Exploits0References2
Packet Storm News
Packet Storm News
โ€ขadded 2025/06/22 12:0 a.m.โ€ข27 views

Malicious LLM-Based Conversational AI Makes Users Reveal Personal Information

LLM-based Conversational AIs CAIs, also known as GenAI chatbots, like ChatGPT, are increasingly used across various domains, but they pose privacy risks, as users may disclose personal information during their conversations with CAIs. Recent research has demonstrated that LLM-based CAIs could be...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
โ€ขadded 2025/05/22 12:0 a.m.โ€ข31 views

Invisible Prompts, Visible Threats: Malicious Font Injection in External Resources for Large Language Models

Large Language Models LLMs are increasingly equipped with capabilities of real-time web search and integrated with protocols like Model Context Protocol MCP. This extension could introduce new security vulnerabilities. We present a systematic investigation of LLM vulnerabilities to hidden...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
โ€ขadded 2025/05/20 12:0 a.m.โ€ข7 views

Evaluating the Efficacy of LLM Safety Solutions : the Palit Benchmark Dataset

Large Language Models LLMs are increasingly integrated into critical systems in industries like healthcare and finance. Users can often submit queries to LLM-enabled chatbots, some of which can enrich responses with information retrieved from internal databases storing sensitive data. This gives...

6.5AI score
Exploits0
Veracode
Veracode
โ€ขadded 2024/08/09 8:25 a.m.โ€ข15 views

Cross Site Scripting (XSS)

openwebui is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to the language model executing arbitrary JavaScript as a result of a maliciously crafted prompt...

6.3CVSS6.6AI score0.0062EPSS
Exploits3References4Affected Software1
The Hacker News
The Hacker News
โ€ขadded 2023/01/09 1:37 p.m.โ€ข29 views

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service DoS attacks. "To better interact with users, a wide range of database applications employ AI...

7.9AI score
Exploits0
Rows per page
Query Builder