Lucene search
K

143 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57476

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42976

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-57476

CVE-2026-57476 describes a vulnerability in Deloitte AI Assist for Customer where unauthenticated API endpoints allowed an attacker knowing specific parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. The issue was mitigated on 2026-03-25 by restricting...

6.3CVSS6.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-54602

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...

7.1CVSS6AI score0.00227EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59098

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.34 views

CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:42 p.m.7 views

EUVD-2026-41429

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 9:18 p.m.10 views

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2026/06/13 9:37 p.m.100 views

OffSploit

OffSploit: Autonomous Exploit Adaptation & C2 Framework !Py...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.11 views

Revisiting Vul-RAG: Reproducibility and Replicability of RAG-Based Vulnerability Detection with Open-Weight Models

Large language models LLMs have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation RAG settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.42 views

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...

6.3CVSS5.9AI score0.00232EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.13 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/20 1:37 p.m.46 views

CVE-2026-21836 HCL DominoIQ is affected by broken access control

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

6.5CVSS0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.31 views

PT-2026-42166

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.12 views

From Detection to Response: A Deep Learning and Retrieval-Augmented Generation Framework for Network Intrusion Mitigation

Machine-learning-based Intrusion Detection Systems IDS have achieved impressive accuracy in classifying network attacks, yet they consistently fall short on the question that matters most to a security analyst: what should I do next? This paper presents a unified, end-to-end framework that closes...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/15 8:34 p.m.56 views

CVE-2026-45397 Open WebUI: Unauthenticated RAG Configuration Disclosure

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

5.3CVSS0.0072EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:34 p.m.34 views

CVE-2026-45397

Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45397. The vulnerability is an information disclosure in the retrieval endpoint: GET /api/v1/retrieval/ can return live RAG configuration to unauthenticated clients. Affected component is backend/open_webui/routers/retrieval.py ...

5.3CVSS5.8AI score0.0072EPSS
Exploits1References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.26 views

UGen: An Agentic Framework for Generating Microarchitectural Attack PoCs

Microarchitectural attacks continue to evolve, uncovering new exploitation vectors in modern processors. From a defensive perspective, assessing a system's susceptibility to such attacks remains challenging. Developing functional attack implementations is labor-intensive, requires deep...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.12 views

Adversarial SQL Injection Generation with LLM-Based Architectures

SQL injection SQLi attacks are still one of the serious attacks ranked in the Open Worldwide Application Security Project OWASP Top 10 threats. Today, with advances in Artificial Intelligence AI, especially in Large Language Models LLMs, an opportunity has been created for automating adversarial...

5.8AI score
Exploits0
Rows per page
Query Builder