Lucene search
K

19 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.23 views

A Systematic Literature Review for Transformer-Based Software Vulnerability Detection

Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.13 views

ALFA: A Safe-By-Design Approach to Mitigate Quishing Attacks Launched Via Fancy QR Codes

Phishing with Quick Response QR codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/16 12:0 a.m.11 views

A Novel GPT-Based Framework for Anomaly Detection in System Logs

Identification of anomalous events within system logs constitutes a pivotal element within the frame- work of cybersecurity defense strategies. However, this process faces numerous challenges, including the management of substantial data volumes, the distribution of anomalies, and the precision o...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/16 12:0 a.m.10 views

Hierarchical Deep Fusion Framework for Multi-Dimensional Facial Forgery Detection - the 2024 Global Deepfake Image Detection Challenge

The proliferation of sophisticated deepfake technology poses significant challenges to digital security and authenticity. Detecting these forgeries, especially across a wide spectrum of manipulation techniques, requires robust and generalized models. This paper introduces the Hierarchical Deep...

6.8AI score
Exploits0
PyPA
PyPA
added 2025/09/09 12:15 a.m.10 views

PYSEC-2025-141

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

8.8CVSS5.8AI score0.00684EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.17 views

PT-2025-36532

Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.0 Description: MONAI is an AI toolkit for health care imaging. The software contains insecure model loading methods that can trigger a deserialization vulnerability, potentially leading to code execution...

8.8CVSS6.8AI score0.00684EPSS
Exploits1References8
Packet Storm News
Packet Storm News
added 2025/08/03 12:0 a.m.6 views

"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels

Transformers have become the backbone of many Machine Learning ML applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit GPU environments via Machine Learning as a Service MLaaS, concerns aroun...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/24 12:0 a.m.17 views

LoRA-Leak: Membership Inference Attacks against LoRA Fine-Tuned Language Models

Language Models LMs typically adhere to a "pre-training and fine-tuning" paradigm, where a universal pre-trained model can be fine-tuned to cater to various specialized domains. Low-Rank Adaptation LoRA has gained the most widespread use in LM fine-tuning due to its lightweight computational cost...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/03 10:30 a.m.8 views

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.5 views

Adversarial Text Generation with Dynamic Contextual Perturbation

Adversarial attacks on Natural Language Processing NLP models expose vulnerabilities by introducing subtle perturbations to input text, often leading to misclassification while maintaining human readability. Existing methods typically focus on word-level or local text segment alterations,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.4 views

Sylva: Tailoring Personalized Adversarial Defense in Pre-Trained Models Via Collaborative Fine-Tuning

Whitepaper called Sylva: Tailoring Personalized Adversarial Defense In Pre-Trained Models Via Collaborative Fine-Tuning...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/01 12:0 a.m.8 views

Protocol-Agnostic and Data-Free Backdoor Attacks on Pre-Trained Models in RF Fingerprinting

While supervised deep neural networks DNNs have proven effective for device authentication via radio frequency RF fingerprinting, they are hindered by domain shift issues and the scarcity of labeled data. The success of large language models has led to increased interest in unsupervised pre-train...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/18 12:0 a.m.5 views

Designing a Reliable Lateral Movement Detector Using a Graph Foundation Model

Foundation models have recently emerged as a new paradigm in machine learning ML. These models are pre-trained on large and diverse datasets and can subsequently be applied to various downstream tasks with little or no retraining. This allows people without advanced ML expertise to build ML...

6.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2024/08/05 12:0 a.m.5 views

Microsoft Azure GPT ALE palantirdemoacr Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure GPT ALE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Generative Pre-trained Transformer Active Learning Engine GP...

9.8CVSS7.7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2023/01/09 1:37 p.m.37 views

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service DoS attacks. "To better interact with users, a wide range of database applications employ AI...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/09 1:37 p.m.29 views

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service DoS attacks. "To better interact with users, a wide range of database applications employ AI...

7.9AI score
Exploits0
Kitploit
Kitploit
added 2019/08/18 10:10 p.m.36 views

Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots

Give those screenshots of yours a quick eyeballing. Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal EyeWitness or GoWitness and then run the...

7.4AI score
Exploits0References1
Rows per page
Query Builder