4309 matches found

Cvelist · added 2026/05/12 12:00 a.m. · 29 views

CVE-2026-31239

The mamba language model framework through 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained method uses torch.load to load the pytorch_model.bin weight file without enabling the security-restrictive...

EPSS 0.00409 · Exploits 0 · References 2

Positive Technologies · added 2026/05/12 12:00 a.m. · 7 views

PT-2026-40126

The mamba language model framework through 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained method uses torch.load to load the pytorch_model.bin weight file without enabling the security-restrictive...

AI score 6.1 · EPSS 0.00409 · Exploits 0 · References 3

Packet Storm News · added 2026/05/12 12:00 a.m. · 5 views

When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions

Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...

AI score 5.8 · Exploits 0

Vulnrichment · added 2026/05/12 12:00 a.m. · 5 views

CVE-2026-31228

The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

AI score 6.5 · EPSS 0.00544 · Exploits 0 · References 2

Packet Storm News · added 2026/05/12 12:00 a.m. · 10 views

Still Camouflage, Moving Illusion: View-Induced Trajectory Manipulation in Autonomous Driving

Existing physical adversarial attacks on vision-based autonomous driving induce time-evolving perception errors, including biased object tracking or trajectory prediction, through (i) sophisticated physical patches inducing detection box drift when entering the view distance, or (ii) dynamically changi...

AI score 5.7 · Exploits 0

CVE · added 2026/05/12 12:00 a.m. · 10 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

CVSS 9.8 · AI score 6.1 · EPSS 0.00409 · Exploits 0 · References 2

EUVD · added 2026/05/11 6:31 p.m. · 24 views

EUVD-2026-29151

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

CVSS 8.8 · AI score 5.8 · EPSS 0.00489 · Exploits 0 · References 4

NVD · added 2026/05/11 6:16 p.m. · 23 views

CVE-2026-45006

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

CVSS 8.8 · EPSS 0.00489 · Exploits 0 · References 3

CVE · added 2026/05/11 4:46 p.m. · 13 views

CVE-2026-45006

CVE-2026-45006 affects OpenClaw prior to 2026.4.23, due to improper access control in the gateway tool's config.apply and config.patch. The vulnerability bypasses an incomplete denylist, allowing compromised models to persist unsafe configuration changes that can alter command execution, network ...

CVSS 8.8 · AI score 5.8 · EPSS 0.00489 · Exploits 0 · References 3 · Affected Software 1

Cvelist · added 2026/05/11 2:35 p.m. · 30 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 · EPSS 0.00438 · Exploits 0 · References 2

Schneier on Security · added 2026/05/11 11:04 a.m. · 10 views

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages...

AI score 5.8 · Exploits 0

Packet Storm News · added 2026/05/11 12:00 a.m. · 9 views

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models (LLMs) to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

AI score 5.8 · Exploits 0

CNNVD · added 2026/05/11 12:00 a.m. · 5 views

CosyVoice security vulnerability

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability, which stems from the gRPC server component using torch.load to load the voice synthesis model without enabling the weights_only=True security parameter. Thi...

CVSS 7.3 · AI score 6.2 · EPSS 0.00218 · Exploits 0 · References 2

Packet Storm News · added 2026/05/11 12:00 a.m. · 2 views

LLMs for Secure Hardware Design and Related Problems: Opportunities and Challenges

The integration of Large Language Models (LLMs) into Electronic Design Automation (EDA) and hardware security is rapidly reshaping the semiconductor industry. While LLMs offer unprecedented capabilities in generating Register Transfer Level (RTL) code, automating testbenches, and bridging the semantic...

AI score 5.8 · Exploits 0

Packet Storm News · added 2026/05/11 12:00 a.m. · 7 views

Adversarial SQL Injection Generation with LLM-Based Architectures

SQL injection (SQLi) attacks are still one of the serious attacks ranked in the Open Worldwide Application Security Project (OWASP) Top 10 threats. Today, with advances in Artificial Intelligence (AI), especially in Large Language Models (LLMs), an opportunity has been created for automating adversarial...

AI score 5.8 · Exploits 0

Packet Storm News · added 2026/05/10 12:00 a.m. · 6 views

Position: AI Security Policy Should Target Systems, Not Models

We present swarm-attack, an open-source adversarial testing framework in which multiple lightweight LLM agents coordinate through shared memory, parallel exploration, and evolutionary optimization. Together, our results demonstrate that both safety bypass of frontier models and software...

AI score 5.9 · Exploits 0

Snyk · added 2026/05/08 7:52 p.m. · 6 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the generate_completion, embed, embeddings, and show_model_info functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...

CVSS 5.4 · AI score 5.8 · EPSS 0.00238 · Exploits 1 · References 2

Snyk · added 2026/05/08 7:52 p.m. · 7 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization through the import_models process. An attacker can overwrite existing models owned by other users, modify their configuration, and escalate access by submitting crafted payloads to the...

CVSS 7.1 · AI score 5.8 · EPSS 0.0029 · Exploits 1 · References 2

Github Security Blog · added 2026/05/08 7:52 p.m. · 5 views

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Affected Component: Model import endpoint, backend/open_webui/routers/models.py lines 254-308, import_models.
Affected Versions: Current main branch commit 6fdd19bf1 and likely all versions with model import functionality.
Description: The POS...

CVSS 6.5 · AI score 5.8 · EPSS 0.0029 · Exploits 1 · References 3 · Affected Software 1

OSV · added 2026/05/08 7:45 p.m. · 1 view

GHSA-HP5M-24VP-VQ2Q Open WebUI's responses passthrough endpoint lacks access control authorization

Summary: The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generate_chat_completion checks model ownership, group membership, and...

CVSS 7.1 · AI score 6 · EPSS 0.00306 · Exploits 0 · References 4
