CVE-2026-44209 Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

SoK: Taxonomy and Evaluation of Prompt Security in Large Language Models

Large Language Models LLMs have rapidly become integral to real-world applications, powering services across diverse sectors. However, their widespread deployment has exposed critical security risks, particularly through jailbreak prompts that can bypass model alignment and induce harmful outputs...

System Prompt Poisoning: Persistent Attacks on Large Language Models beyond User Injection

Large language models LLMs have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through simple prompts. However, as LLMs become more integrated in...

PT-2025-9665

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Description A select option could partially obscure the confirmation prompt shown before launching external apps, potentially tricking a user into launching an external app unexpectedly. This issue only affects...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...

KB5036896: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2024)

The remote Windows host is missing security update 5036896. It is, therefore, affected by multiple vulnerabilities - SmartScreen Prompt Security Feature Bypass Vulnerability CVE-2024-29988 - Secure Boot Security Feature Bypass Vulnerability CVE-2024-20669, CVE-2024-26168, CVE-2024-26171,...

Description of the Security Update for the spoofing vulnerability in Microsoft Visual Studio 2010 Tools for Office Runtime: August 8, 2023 (KB5029497)

Description of the Security Update for the spoofing vulnerability in Microsoft Visual Studio 2010 Tools for Office Runtime: August 8, 2023 KB5029497 Applies to: Visual Studio 2010 Tools for Office Runtime that is included with Microsoft Office and Visual Studio 2022, 2019, 2017, 2015, and 2013...

SUSE CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...