Lucene search
K

4343 matches found

Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.6 views

CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks

As Large Language Models LLMs are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.4 views

Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning

Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.5 views

LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories

Large language models LLMs are increasingly embedded in open-source software OSS ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it remains unclear whether traditional vulnerability disclosure...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.2 views

Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.8 views

SecPI: Secure Code Generation with Reasoning Models Via Security Reasoning Internalization

Reasoning language models RLMs are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct applicati...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Perceptual Gaps: ASCII Art and Overlapping Audio As CAPTCHA

As multimodal large language models LLMs advance, traditional CAPTCHAs have become obsolete at distinguishing humans from bots. To address this shift, this paper aims to investigate the possibility of using tasks for which humans have evolved highly specialised neural processing. We introduce two...

6AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.4 views

CVE-2025-68152

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 3:25 p.m.3 views

CVE-2025-68152 Juju: Read All Controller Logs From Compromised Workload

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/02 6:59 p.m.1 views

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.4 views

Combating Data Laundering in LLM Training

Data rights owners can detect unauthorized data use in large language model LLM training by querying with proprietary samples. Often, superior performance e.g., higher confidence or lower loss on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29877

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing to mono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy result...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.2 views

Automated Malware Family Classification Using Weighted Hierarchical Ensembles of Large Language Models

Malware family classification remains a challenging task in automated malware analysis, particularly in real-world settings characterized by obfuscation, packing, and rapidly evolving threats. Existing machine learning and deep learning approaches typically depend on labeled datasets, handcrafted...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/01 11:48 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing authenticated sessions after a password reset or password change process. An attacker can maintain unauthorized access to an account by reusing a previously obtained...

7.1CVSS5.8AI score0.003EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.5 views

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.7AI score0.00737EPSS
Exploits1References1
NVD
NVD
added 2026/04/01 9:17 p.m.13 views

CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

6.9CVSS0.0054EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2026/04/01 9:13 p.m.5 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34446 via onnx (>=0.2.0 <=1.20.1)

onnx PYPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34446 Source advisory: OSV:GHSA-CMW6-HCPP-C6JP...

5.5CVSS5.7AI score0.00176EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:30 p.m.5 views

CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

6.9CVSS5.6AI score0.0054EPSS
Exploits1References7Affected Software20
OSV
OSV
added 2026/04/01 6:16 p.m.6 views

UBUNTU-CVE-2026-34445

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 5:30 p.m.31 views

CVE-2026-34445

CVE-2026-34445 affects ONNX prior to version 1.21.0, where ExternalDataInfo used Python setattr() to load metadata directly from model files without validating keys, enabling a malicious model to overwrite internal object properties. Impact is mainly availability (HIGH) with confidentiality and i...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 5:30 p.m.2 views

CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References3
Rows per page
Query Builder