Lucene search
K

1534 matches found

Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33078

Name of the Vulnerable Software and Affected Versions AVEVA Pipeline Simulation affected versions not specified Description An issue exists where unauthenticated network access allows a remote attacker to perform operations intended only for Simulator Instructor or Simulator Developer Administrat...

9.3CVSS5.8AI score0.00388EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.7 views

DeepGuard Secure Code Generation

Large Language Models LLMs for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/12 8:59 p.m.107 views

cyber-punk

Cyber Punk Security Vulnerability Scanner A Claude Code plu...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.4 views

Follow My Eyes: Backdoor Attacks on VLM-Based Scanpath Prediction

Scanpath prediction models forecast the sequence and timing of human fixations during visual search, driving foveated rendering and attention-based interaction in mobile systems where their integrity is a first-class security concern. We present the first study of backdoor attacks against VLM-bas...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.4 views

SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training

The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...

5.9AI score
Exploits0
OSV
OSV
added 2026/04/07 12:0 p.m.5 views

RUSTSEC-2026-0083 zantetsu-trainer is unmaintained

The zantetsu-trainer crate is no longer maintained. The ML training infrastructure it contained was removed as part of the zantetsu 0.2 release, which replaced the neural parser with a pure heuristic engine. A tombstone version 0.2.0 has been published and 0.1.4 has been yanked. There is no...

5.7AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.5 views

Mapping the Exploitation Surface: A 10,000-Trial Taxonomy of What Makes LLM Agents Exploit Vulnerabilities

LLM agents with tool access can discover and exploit security vulnerabilities. This is known. What is not known is which features of a system prompt trigger this behaviour, and which do not. We present a systematic taxonomy based on approximately 10,000 trials across seven models, 37 prompt...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.10 views

SecPI: Secure Code Generation with Reasoning Models Via Security Reasoning Internalization

Reasoning language models RLMs are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct applicati...

6AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/04/03 9:28 p.m.5 views

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.21 views

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/21 12:0 a.m.12 views

AEGIS: From Clues to Verdicts -- Graph-Guided Deep Vulnerability Reasoning Via Dialectics and Meta-Auditing

Large Language Models LLMs are increasingly adopted for vulnerability detection, yet their reasoning remains fundamentally unsound. We identify a root cause shared by both major mitigation paradigms agent-based debate and retrieval augmentation: reasoning in an ungrounded deliberative space that...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12373

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References5
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-6MJ8-JMP2-G8Q7 Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.3CVSS5.7AI score0.00254EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.7 views

Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/16 2:20 p.m.6 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS0.00254EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/16 10:48 a.m.6 views

SQL Injection

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to SQL Injection via the removetrainingdata function in the file bigqueryvector.py. An attacker can execute arbitrary SQL commands by supplying crafted input to the ID argument...

7.5CVSS7.5AI score0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 8:32 a.m.4 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/16 8:32 a.m.34 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/16 8:32 a.m.3 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4
Rows per page
Query Builder