CVE-2026-44550
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses `model_config = ConfigDict(extra='allow')`, which permits arbitrary fields to pass through Pydantic validation and be included in `model_dump(exclude_unset=True)`. In...
Important: Red Hat Security Advisory: RHTAS 1.3.2 - Tech Preview Release Of the Model Validation Operator
The Tech Preview release of the RHTAS Model Validation Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Model Validation Operator can be used with OpenShift Container Platform 4.16, 4.17,...
Text Generation Inference Resource Management Error Vulnerability
Text Generation Inference is a Rust, Python, and gRPC server developed by Hugging Face for text generation inference. Version 3.3.6 of Text Generation Inference contains a resource management vulnerability. This vulnerability stems from the unlimited acquisition of external images during input...
Virtual Camera Detection: Catching Video Injection Attacks in Remote Biometric Systems
Face anti-spoofing (FAS) is a vital component of remote biometric authentication systems based on facial recognition, increasingly used across web-based applications. Among emerging threats, video injection attacks -- facilitated by technologies such as deepfakes and virtual camera software -- pose...
Mind the Gap: Evaluating Model- and Agentic-Level Vulnerabilities in LLMs with Action Graphs
As large language models transition to agentic systems, current safety evaluation frameworks face critical gaps in assessing deployment-specific risks. We introduce AgentSeer, an observability-based evaluation framework that decomposes agentic executions into granular action and component graphs,...
CVE-2024-3402
CVE-2024-3402 affects gaizhenbiao/chuanhuchatgpt version 20240121. A stored XSS vulnerability arises from inadequate sanitization/validation of the model output data, allowing injection/execution of arbitrary JavaScript in the context of other users’ browsers and potentially hijacking victims’ se...
BIT-TENSORFLOW-2020-15211 Out of bounds access in tensorflow-lite
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
Overcoming Challenges in Delivering Machine Learning Models from Research to Production
So, you've finished your research. You developed a machine learning (ML) model, tested and validated it, and you're now ready to start development and then push the model to production. The hard work -- the research -- is finally behind you. Or is it? Understanding the Challenges in Machine Learni...
Input validation
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CodeIgniter Code Injection Vulnerability
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.3.5 that stems from a problem with the validation method and in-model validation in the controller, allowing an attacker to execute arbitrary code...
On the Poisoning of LLMs
Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that we've known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it's entirely possible that bad actors have been poisoning ChatGPT for months. We don't know...
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...
CVE-2022-29791
CVE-2022-29791 relates to Huawei HarmonyOS, specifically the HiAIserver component where the model weights’ validity is not strictly checked. The issue can cause AI services to behave abnormally and affect AI-related functionality. The available documents describe the root cause as improper valida...
CVE-2022-29789
CVE-2022-29789 affects Huawei/HarmonyOS HiAIserver’s AI services. The vulnerability stems from the HiAIserver not performing strict legitimacy checks on properties used in the model, enabling successful exploitation that can affect AI service operation. Multiple connected records reiterate this i...
PYSEC-2020-326
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
CVE-2019-5230
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than Emily-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than NEO-AL00D NEO-AL00 9.1.0.321C786E320R1P1T8 have an improper validation vulnerability. The system does not perform a...