100 matches found
CVE-2026-13503
A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be...
PT-2026-48591
This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...
[SECURITY] Fedora 44 Update: sentencepiece-0.2.1-1.fc44
The SentencePiece is an unsupervised text tokenizer for Neural Network-based text generation. It is an unsupervised text tokenizer and detokenizer mainly for Neural Network-based text generation systems where the vocabulary size is predetermined prior to the neural model training. SentencePiece...
Terminus-ai
Terminus-ai a foundation model trainthe entirety of exploit-...
Owner-Harm: A Missing Threat Model for AI Agent Safety
Existing AI agent safety benchmarks focus on generic criminal harm cybercrime, harassment, weapon synthesis, leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...
Allocation of Resources Without Limits or Throttling
Overview @fedify/vocab-runtime is a Runtime library for code-generated Activity Vocabulary APIs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader...
Chamilo 跨站脚本漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw in the vocabulary function, which could allow users with teacher role...
Deserialization of Untrusted Data
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the .keras archives when they are initialized with a path to a vocabulary file. The model deserialization process when loading the...
EUVD-2012-1654
Malware in sbrugna...
EUVD-2011-3337
Malware in sbrugna...
Enhancing LLM Watermark Resilience against Both Scrubbing and Spoofing Attacks
Watermarking is a promising defense against the misuse of large language models LLMs, yet it remains vulnerable to scrubbing and spoofing attacks. This vulnerability stems from an inherent trade-off governed by watermark window size: smaller windows resist scrubbing better but are easier to...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds via the tokenize function in the file llama-vocab.cpp. An attacker can achieve arbitrary code execution or cause a denial of service by providing specially crafted text input that triggers a heap overflow during the...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds via the tokentopiece function in the file llama-vocab.cpp. An attacker can cause arbitrary memory corruption and potentially execute code by supplying a specially crafted GGUF model that triggers a buffer overflow during...
DEBIAN-CVE-2025-49847
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper trycopy in llama.cpp/src/vocab.cpp: llamavocab::impl::tokentopiece casts a ve...
UBUNTU-CVE-2025-49847
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper trycopy in llama.cpp/src/vocab.cpp: llamavocab::impl::tokentopiece casts a ve...
CVE-2025-49847
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper trycopy in llama.cpp/src/vocab.cpp: llamavocab::impl::tokentopiece casts a ve...
llama.cpp 安全漏洞
llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5662, which stems from a buffer overflow that may be triggered by the GGUF model vocabulary, potentially leading to memory corruption and execution of...
Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems
Retrieval-Augmented Generation RAG systems enhance Large Language Models LLMs by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...
TrojanStego: Your Language Model Can Secretly Be a Steganographic Privacy Leaking Agent
As large language models LLMs become integrated into sensitive workflows, concerns grow over their potential to leak confidential information. We propose TrojanStego, a novel threat model in which an adversary fine-tunes an LLM to embed sensitive context information into natural-looking outputs v...
Optimized Couplings for Watermarking Large Language Models
Large-language models LLMs are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a signal'' in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...