PT-2026-39273

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The '/responses' endpoint in the OpenAI router allows any authenticated user to forward requests to upstream LLM providers without enforcing per-model access control. While the generate chat...

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

GHSA-WH2J-26J7-9728 Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

Generation of Predictable Numbers or Identifiers

Overview google-cloud-aiplatform is a Vertex AI API client library Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers for Cloud Storage buckets. An attacker can execute code remotely, steal models, or poison data by pre-creating buckets with...

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVE-2026-2473

CVE-2026-2473 affects Google Cloud Vertex AI Experiments: version range 1.21.0 up to but not including 1.133.0. The issue arises from predictable Cloud Storage bucket names, enabling an unauthenticated remote attacker to perform cross-tenant remote code execution, model theft, and data poisoning ...

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

PT-2026-21291

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI versions 1.21.0 through 1.132.9 Description A flaw exists in Vertex AI Experiments within Google Cloud Vertex AI that could allow a remote, unauthenticated attacker to execute code, steal models, and poison data. This is...

EUVD-2025-31429

Malicious code in bioql PyPI...

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVE-2025-7647 Insecure Temporary File Handling in run-llama/llama_index

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVE-2025-7647

CVE-2025-7647 affects llama-index-core up to version 0.12.44, with a vulnerability in get_cache_dir() that uses a predictable, hardcoded directory path (/tmp/llama_index) on Linux. On multi-user Linux systems, this insecure temporary directory can enable local attackers to steal proprietary model...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version 0.12.44 and earlier, which stems from the use of hard-coded paths and lack of security controls in the getcachedir function, which could lead to model stealin...

Attack and Defense Techniques in Large Language Models: a Survey and New Perspectives

Large Language Models LLMs have become central to numerous natural language processing tasks, but their vulnerabilities present significant security and ethical challenges. This systematic survey explores the evolving landscape of attack and defense techniques in LLMs. We classify attacks into...

SONNI: Secure Oblivious Neural Network Inference

In the standard privacy-preserving Machine learning as-a-service MLaaS model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...