100 matches found

NVD
added 3 days ago | 10 views

CVE-2026-13503

A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be...

CVSS 6.9 | EPSS 0.0055
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/10 12:00 a.m. | 12 views

PT-2026-48591

This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...

AI score 5.6
Exploits: 0 | References: 2
Fedora
added 2026/06/09 1:22 a.m. | 12 views

[SECURITY] Fedora 44 Update: sentencepiece-0.2.1-1.fc44

The SentencePiece is an unsupervised text tokenizer for Neural Network-based text generation. It is an unsupervised text tokenizer and detokenizer mainly for Neural Network-based text generation systems where the vocabulary size is predetermined prior to the neural model training. SentencePiece...

CVSS 8.5 | AI score 7.2 | EPSS 0.00163
Exploits: 0
GithubExploit
added 2026/05/26 2:02 p.m. | 73 views

Terminus-ai

Terminus-ai a foundation model trainthe entirety of exploit-...

AI score 6
Exploits: 0
Packet Storm News
added 2026/04/20 12:00 a.m. | 4 views

Owner-Harm: A Missing Threat Model for AI Agent Safety

Existing AI agent safety benchmarks focus on generic criminal harm (cybercrime, harassment, weapon synthesis), leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...

AI score 5.8
Exploits: 0
Snyk
added 2026/04/07 6:04 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: @fedify/vocab-runtime is a runtime library for code-generated Activity Vocabulary APIs. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader...

CVSS 8.7 | AI score 5.8 | EPSS 0.00551
Exploits: 1 | References: 2
CNNVD
added 2026/03/02 12:00 a.m. | 5 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw in the vocabulary function, which could allow users with teacher role...

CVSS 8.3 | AI score 5.7 | EPSS 0.00373
Exploits: 1 | References: 5
Snyk
added 2025/10/29 9:44 a.m. | 5 views

Deserialization of Untrusted Data

Overview: Keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the .keras archives when they are initialized with a path to a vocabulary file. The model deserialization process when loading the...

CVSS 6.8 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2012-1654

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.01117
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-3337

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01311
Exploits: 0 | References: 5
Packet Storm News
added 2025/07/08 12:00 a.m. | 2 views

Enhancing LLM Watermark Resilience against Both Scrubbing and Spoofing Attacks

Watermarking is a promising defense against the misuse of large language models (LLMs), yet it remains vulnerable to scrubbing and spoofing attacks. This vulnerability stems from an inherent trade-off governed by watermark window size: smaller windows resist scrubbing better but are easier to...

AI score 6.9
Exploits: 0
Snyk
added 2025/06/24 3:45 a.m. | 1 view

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the tokenize function in the file llama-vocab.cpp. An attacker can achieve arbitrary code execution or cause a denial of service by providing specially crafted text input that triggers a heap overflow during the...

CVSS 8.8 | AI score 8 | EPSS 0.00318
Exploits: 1 | References: 2
Snyk
added 2025/06/17 8:43 p.m. | 3 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the token_to_piece function in the file llama-vocab.cpp. An attacker can cause arbitrary memory corruption and potentially execute code by supplying a specially crafted GGUF model that triggers a buffer overflow during...

CVSS 8.8 | AI score 8 | EPSS 0.00444
Exploits: 0 | References: 2
OSV
added 2025/06/17 8:15 p.m. | 3 views

DEBIAN-CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker-supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary-loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00444
Exploits: 0 | References: 1
OSV
added 2025/06/17 8:15 p.m. | 2 views

UBUNTU-CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker-supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary-loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00444
Exploits: 0 | References: 5
Debian CVE
added 2025/06/17 8:04 p.m. | 5 views

CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker-supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary-loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00444
Exploits: 0
CNNVD
added 2025/06/17 12:00 a.m. | 2 views

llama.cpp Security Vulnerability

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5662, which stems from a buffer overflow that may be triggered by the GGUF model vocabulary, potentially leading to memory corruption and execution of...

CVSS 8.8 | AI score 7.2 | EPSS 0.00444
Exploits: 0 | References: 4
Packet Storm News
added 2025/06/06 12:00 a.m. | 32 views

Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems

Retrieval-Augmented Generation (RAG) systems enhance Large Language Models (LLMs) by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/05/27 12:00 a.m. | 2 views

TrojanStego: Your Language Model Can Secretly Be a Steganographic Privacy Leaking Agent

As large language models (LLMs) become integrated into sensitive workflows, concerns grow over their potential to leak confidential information. We propose TrojanStego, a novel threat model in which an adversary fine-tunes an LLM to embed sensitive context information into natural-looking outputs v...

AI score 6.5
Exploits: 0
Packet Storm News
added 2025/05/13 12:00 a.m. | 3 views

Optimized Couplings for Watermarking Large Language Models

Large-language models (LLMs) are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a "signal" in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...

AI score 6.9
Exploits: 0