Lucene search
K

9 matches found

OSV
OSV
added 2026/05/26 7:1 a.m.13 views

MAL-2026-4786 Malicious code in ranno (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1366783d9cb87471f1b5cfeb806508ee83b2a58ded724f8ea45d8391f4f68bc The package's advertised API ex calls gn in ranno/gn.py, which POSTs the caller's prompt — and, when a data= argument is supplied, the absolute file...

6.5AI score
Exploits0References1
OSV
OSV
added 2026/05/22 11:16 a.m.13 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:32 p.m.6 views

CVE-2026-45387

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

4.3CVSS5.8AI score0.0022EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-41189

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...

4.3CVSS5.8AI score0.0022EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-36900

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The '/chat' WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature fails to verify if an incoming connection is authorized to...

6.5CVSS6.1AI score0.00383EPSS
Exploits1References11
OSV
OSV
added 2026/03/21 1:17 a.m.5 views

CVE-2026-32897

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...

3.7CVSS5.9AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/11/06 12:0 a.m.6 views

From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting

As the role of Large Language Models LLM-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.4 views

CVE-2023-23774

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

8.4CVSS7.5AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 12:32 p.m.3 views

GHSA-5CHR-FJJV-38QV langchain-core allows unauthorized users to read arbitrary files from the host file system

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

5.3CVSS6AI score0.00366EPSS
Exploits0References6
Rows per page
Query Builder