41 matches found
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +505 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=1.1.0-M1 <=1.1.5)
org.springframework.ai:spring-ai-model MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...
CVE-2026-7907
Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
KLA91026 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution...
Jailbreaking Frontier Foundation Models through Intention Deception
Large vision-language models exhibit remarkable capability but remain highly susceptible to jailbreaking. Existing safety training approaches aim to have the model learn a refusal boundary between safe and unsafe, based on the user's intent. It has been found that this binary training regime ofte...
SUSE CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggml_nbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggml_nbytes to return a significantly smaller...
PT-2026-24580
Name of the Vulnerable Software and Affected Versions: MR-GM5L-S1, MR-GM5A-L1. Description: An authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. Recommendations: At the moment, there is no...
CVE-2026-2805
Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox 148 and Thunderbird 148...
MGASA-2026-0014 Updated thunderbird packages fix security vulnerabilities
Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...
CVE-2023-31502
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/managementmodel.php...
EUVD-2025-198356
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the...
You can poison AI with just 250 dodgy documents
Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic which produces...
Exploiting Web Search Tools of AI Agents for Data Exfiltration
Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation (RAG) allows LLMs to process and retrieve sensitive corporate data, amplifyi...
EUVD-2021-22776
Malware in sbrugna...
EUVD-2017-0727
Malware in sbrugna...
EUVD-2021-0934
Malware in sbrugna...
EUVD-2017-0728
Malware in sbrugna...
EUVD-2025-7406
Malicious code in bioql (PyPI)...
Early Approaches to Adversarial Fine-Tuning for Prompt Injection Defense: a 2022 Study of GPT-3 and Contemporary Models
This paper documents early research conducted in 2022 on defending against prompt injection attacks in large language models, providing historical context for the evolution of this critical security domain. This research focuses on two adversarial attacks against Large Language Models (LLMs): promp...
Perplexity AI Web Application security vulnerability
Perplexity AI Web Application is a big data search engine application utilizing a large language model from Perplexity, Inc. in the United States. A security vulnerability exists in Perplexity AI Web Application GPT-4 version 2.51.0, which stems from mishandling of the token component and could lea...
CVE-2025-49847
CVE-2025-49847 affects llama.cpp: prior to v5662, an attacker-supplied GGUF vocabulary can trigger a buffer overflow in the vocabulary-loading path. The root cause is in llama_vocab::impl::token_to_piece(), where a large size_t token length is cast to int32_t, bypassing the length check and causi...