Lucene search
K

29 matches found

NVD
NVD
added 2026/06/23 8:16 p.m.20 views

CVE-2026-45792

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...

6.9CVSS0.00078EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/03 8:54 a.m.88 views

summary-awi-poc

summary-awi-poc Public proof-of-concept repository for valida...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/16 1:20 a.m.7 views

Insertion of Sensitive Information into Log File

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the Client handling of events. An attacker can bypass redaction controls and...

6.3CVSS5.8AI score0.00214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

9.3CVSS6.2AI score0.01426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-32097

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 12:42 a.m.17 views

CVE-2026-25802

CVE context: The connected GHSA advisory GHSA-299V-8PQ9-5GJQ documents a potential XSS in a new API’s MarkdownRenderer component. The vulnerable path is in MarkdownRenderer.jsx (lines 212–231) that uses dangerouslySetInnerHTML to render model-generated HTML. Impact: potential XSS if the model out...

7.6CVSS5.4AI score0.00222EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.10 views

RPP: A Certified Poisoned-Sample Detection Framework for Backdoor Attacks under Dataset Imbalance

Deep neural networks are highly susceptible to backdoor attacks, yet most defense methods to date rely on balanced data, overlooking the pervasive class imbalance in real-world scenarios that can amplify backdoor threats. This paper presents the first in-depth investigation of how the dataset...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/16 2:20 a.m.10 views

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

6.1CVSS6.2AI score0.00221EPSS
Exploits1References1
OSV
OSV
added 2026/01/15 12:0 a.m.5 views

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

6.1CVSS5.4AI score0.00221EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/15 12:0 a.m.24 views

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

0.00221EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/15 12:0 a.m.3 views

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

6.1CVSS5.4AI score0.00221EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.11 views

PT-2026-3106

Name of the Vulnerable Software and Affected Versions SparkyFitness version 0.15.8.2 Description SparkyFitness is susceptible to Cross-Site Scripting XSS attacks. The issue stems from improper handling of user input and output from Large Language Models LLMs. This allows for the injection of...

6.1CVSS6.2AI score0.00221EPSS
Exploits1References5
CVE
CVE
added 2026/01/12 11:5 p.m.22 views

CVE-2024-58340

LangChain

8.7CVSS6.7AI score0.0041EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.12 views

DeepSeek 安全漏洞

DeepSeek is a large language model from the Chinese company DeepSeek. A security vulnerability exists in DeepSeek version V3.2, which stems from the vulnerability of SVG content generated by the model to cross-site scripting attacks...

6.1CVSS6AI score0.00218EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-17343

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00724EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.7 views

CVE-2024-3402

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS6.3AI score0.00458EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 7:16 p.m.25 views

CVE-2024-3402

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS0.00458EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 6:24 p.m.9 views

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS6.2AI score0.00458EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/06/06 6:24 p.m.21 views

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS6AI score0.00458EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/06 6:24 p.m.26 views

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS0.00458EPSS
Exploits1References1
Rows per page
Query Builder