Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.8 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.4AI score0.00233EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.25 views

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/29 6:7 p.m.37 views

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

6.6AI score
Exploits0
OSV
OSV
added 2026/05/20 11:55 a.m.5 views

BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:4 a.m.47 views

CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS0.00233EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:4 a.m.8 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/19 12:4 a.m.18 views

EUVD-2026-30815

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 12:4 a.m.8 views

CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 12:4 a.m.15 views

CVE-2026-32244

Discourse: Cached outdated AI summaries can leak removed content to anonymous/unprivileged users who cannot regenerate summaries. Affected in versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest. Fixed in those versions. Remediation: upgrade to 2026.1.4, 2026.3.1, 2026.4.1, or 2026....

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41758

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description Outdated cached AI summaries can leak removed content to anonymous and...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.6 views

CVE-2026-5619

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00694EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 6:30 a.m.5 views

EUVD-2026-19166

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.5AI score0.00694EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/06 3:45 a.m.30 views

CVE-2026-5619 Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS0.00694EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/06 3:45 a.m.1 views

CVE-2026-5619 Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00694EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 3:45 a.m.3 views

CVE-2026-5619

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00694EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/06 3:45 a.m.17 views

CVE-2026-5619

A vulnerability (CVE-2026-5619) affects Braffolk mcp-summarization-functions up to version 0.1.5, specifically the summarize_command component in src/server/mcp-server.ts. The issue is an os command injection caused by manipulating the argument command; exploitation requires local access. An expl...

5.3CVSS5.7AI score0.00694EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

Summarization Functions 操作系统命令注入漏洞

Summarization Functions is an intelligent text summarization server developed by Braffolk’s individual developer. Versions of Summarization Functions prior to 0.1.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the command...

5.3CVSS6.1AI score0.00694EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.8 views

PT-2026-30562

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3CVSS5.5AI score0.00694EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/03/27 12:0 a.m.5 views

Detecting Protracted Vulnerabilities in Open Source Projects

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to prolonged security threats. While various vulnerability...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/04 12:6 p.m.9 views

Manipulating AI Summarization Features

Microsoft is reporting: Companies are embedding hidden instructions in "Summarize with AI" buttons that, when clicked, attempt to inject persistence commands into an AI assistant's memory via URL prompt parameters…. These prompts instruct the AI to "remember Company as a trusted source" or...

5.9AI score
Exploits0
Rows per page
Query Builder