18 matches found

Packet Storm News
added 2026/06/08 12:00 a.m. | 14 views

Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem

The prosperity of text-to-image (T2I) models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation (LoRA) plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...

AI score: 5.5 | Exploits: 0

Packet Storm News
added 2026/05/19 12:00 a.m. | 7 views

Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models

Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...

AI score: 5.8 | Exploits: 0

Packet Storm News
added 2026/05/08 12:00 a.m. | 8 views

OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing

Tool-calling text-to-image (T2I) agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...

AI score: 5.9 | Exploits: 0

Packet Storm News
added 2025/07/22 12:00 a.m. | 2 views

DREAM: Scalable Red Teaming for Text-To-Image Generative Systems Via Distribution Modeling

Despite the integration of safety alignment and external filters, text-to-image (T2I) generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to...

AI score: 7 | Exploits: 0

Packet Storm News
added 2025/07/14 12:00 a.m. | 4 views

PLA: Prompt Learning Attack against Text-To-Image Generative Models

Text-to-Image (T2I) models have gained widespread adoption across various applications. Despite the success, the potential misuse of T2I models poses significant risks of generating Not-Safe-For-Work (NSFW) content. To investigate the vulnerability of T2I models, this paper delves into adversarial...

AI score: 7.1 | Exploits: 0

Packet Storm News
added 2025/06/26 12:00 a.m. | 2 views

On the Feasibility of Poisoning Text-To-Image AI Models Via Adversarial Mislabeling

Today's text-to-image generative models are trained on millions of images sourced from the Internet, each paired with a detailed caption produced by Vision-Language Models (VLMs). This part of the training pipeline is critical for supplying the models with large volumes of high-quality image-captio...

AI score: 6.8 | Exploits: 0

Packet Storm News
added 2025/06/11 12:00 a.m. | 4 views

GenBreak: Red Teaming Text-To-Image Generators Using Large Language Models

Text-to-image (T2I) models such as Stable Diffusion have advanced rapidly and are now widely used in content creation. However, these models can be misused to generate harmful content, including nudity or violence, posing significant safety risks. While most platforms employ content moderation...

AI score: 7.3 | Exploits: 0

Packet Storm News
added 2025/06/03 12:00 a.m. | 4 views

BadReward: Clean-Label Poisoning of Reward Models in Text-To-Image RLHF

Reinforcement Learning from Human Feedback (RLHF) is crucial for aligning text-to-image (T2I) models with human preferences. However, RLHF's feedback mechanism also opens new pathways for adversaries. This paper demonstrates the feasibility of hijacking T2I models by poisoning a small fraction of...

AI score: 6.9 | Exploits: 0

Packet Storm News
added 2025/05/29 12:00 a.m. | 4 views

Fooling the Watchers: Breaking AIGC Detectors Via Semantic Prompt Attacks

The rise of text-to-image (T2I) models has enabled the synthesis of photorealistic human portraits, raising serious concerns about identity misuse and the robustness of AIGC detectors. In this work, we propose an automated adversarial prompt generation framework that leverages a grammar tree...

AI score: 6.9 | Exploits: 0

Packet Storm News
added 2025/05/27 12:00 a.m. | 4 views

Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling

Text-to-image (T2I) models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...

AI score: 7.2 | Exploits: 0

Packet Storm News
added 2025/04/28 12:00 a.m. | 4 views

Inception: Jailbreak the Memory Mechanism of Text-To-Image Generation Systems

Currently, the memory mechanism has been widely and successfully exploited in online text-to-image (T2I) generation systems (e.g., DALL·E 3) for alleviating the growing tokenization burden and capturing key information in multi-turn interactions. Despite its practicality, its security analyses have...

AI score: 6.7 | Exploits: 0

Packet Storm News
added 2025/04/20 12:00 a.m. | 2 views

REDEditing: Relationship-Driven Precise Backdoor Poisoning on Text-To-Image Diffusion Models

The rapid advancement of generative AI highlights the importance of text-to-image (T2I) security, particularly with the threat of backdoor poisoning. Timely disclosure and mitigation of security vulnerabilities in T2I models are crucial for ensuring the safe deployment of generative models. We...

AI score: 7.1 | Exploits: 0

Packet Storm News
added 2025/04/15 12:00 a.m. | 3 views

Token-Level Constraint Boundary Search for Jailbreaking Text-To-Image Models

Recent advancements in Text-to-Image (T2I) generation have significantly enhanced the realism and creativity of generated images. However, such powerful generative capabilities pose risks related to the production of inappropriate or harmful content. Existing defense mechanisms, including prompt...

AI score: 7 | Exploits: 0

NVD
added 2023/06/24 3:15 a.m. | 21 views

CVE-2023-3387

The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lanatexttoimage' and 'lanatexttoimg' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00532
Exploits: 0 | References: 3

Cvelist
added 2023/06/24 2:00 a.m. | 25 views

CVE-2023-3387 Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lanatexttoimage' and 'lanatexttoimg' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00532
Exploits: 0 | References: 3

CNNVD
added 2023/06/24 12:00 a.m. | 5 views

WordPress plugin Lana Text to Image Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.00532
Exploits: 0 | References: 4

Positive Technologies
added 2023/06/24 12:00 a.m. | 6 views

PT-2023-24524 · WordPress · Lana Text To Image

Name of the Vulnerable Software and Affected Versions: Lana Text to Image plugin for WordPress versions up to, and including, 1.0.0
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the lana text to image and lana text to img...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.00532
Exploits: 0 | References: 6

Patchstack
added 2023/06/23 12:00 a.m. | 9 views

WordPress Lana Text to Image Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Lana Text to Image
Type: Plugin
Vulnerable versions: <= 1.0.0
Fixed in: 1.1.0
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-3387
Patch priority: Medium
CVSS severity: Medium (6.4)
Developer: Claim ownership
PSID: 0d489ec1b616
Credits: István Márton...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00532
Exploits: 0 | References: 3 | Affected Software: 1