All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2025-26644 is a vulnerability in Windows Hello (a biometric authentication system) where its recognition mechanism fails to properly detect or handle adversarial input perturbations (slight changes designed to fool AI systems). This weakness allows a local attacker to spoof someone's identity without authorization.
Cursor (a code editor designed for AI-assisted programming) had a bug in versions 0.45.0 through 0.48.6 where the Cursor Agent (an AI component that can automatically modify files) could be tricked into writing to files outside the workspace the user opened, either through direct user requests or hidden instructions in context. However, the risk was low because exploitation required deliberate prompting and any changes were visible to the user for review.
A vulnerability in the Linux kernel for ARM64 Qualcomm SDM845 processors was caused by a previous change that enabled pagetable walker cache coherency (a feature that keeps memory caches synchronized during page table operations). However, this feature doesn't work reliably across all SDM845/850 devices, causing some systems like the Lenovo Yoga C630 to lock up or crash. The fix reverts the problematic change to prevent these crashes.
BentoML v1.4.2 contains a Remote Code Execution (RCE) vulnerability caused by insecure deserialization (unsafe handling of data conversion from storage format back into code objects), which allows unauthenticated users to execute arbitrary code on the server through an unsafe code segment in serde.py. This is a critical security flaw in a Python library used for building AI model serving systems.
CVE-2025-3136 is a memory corruption vulnerability found in PyTorch 2.6.0, specifically in a function that manages GPU memory allocation. The vulnerability requires local access to exploit and has been publicly disclosed, though it is rated as medium severity with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.8.
CVE-2025-3121 is a memory corruption vulnerability (where a program accidentally writes data to wrong memory locations) found in PyTorch 2.6.0, specifically in the torch.jit.jit_module_from_flatbuffer function. An attacker with local access (meaning they can run code on the same computer) could exploit this vulnerability, and the exploit details have been publicly disclosed.
CVE-2025-31564 is a SQL injection vulnerability (a type of attack where an attacker inserts malicious database commands into user input) found in the Ai Auto Tool Content Writing Assistant WordPress plugin, versions up to 2.1.7. The vulnerability allows blind SQL injection (SQL attacks where the attacker cannot see direct results but can infer information through application behavior), potentially letting attackers access or manipulate the database.
CVE-2025-31843 is a missing authorization vulnerability (a security flaw where the software fails to properly check if a user has permission to perform an action) in the Wilson OpenAI Tools plugin for WordPress and WooCommerce that affects versions up to 2.1.5. The vulnerability allows attackers to exploit incorrectly configured access controls, meaning they can perform actions they shouldn't be allowed to do.
PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-3001) in the torch.lstm_cell function that causes memory corruption (damage to data stored in a computer's memory) through local manipulation. The vulnerability requires local access to exploit and has been publicly disclosed.
A critical vulnerability (CVE-2025-3000) was found in PyTorch 2.6.0 affecting the torch.jit.script function, which causes memory corruption (damage to data stored in a computer's RAM). The vulnerability can be exploited locally (by someone with access to the same machine) and has already been publicly disclosed, making it a known risk.
CVE-2025-2999 is a critical vulnerability in PyTorch 2.6.0 affecting the torch.nn.utils.rnn.unpack_sequence function, which causes memory corruption (unsafe access to computer memory). An attacker must have local access (ability to run code on the same machine) to exploit this bug, and the vulnerability has already been made public.
PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-2998) in the torch.nn.utils.rnn.pad_packed_sequence function that causes memory corruption (a situation where data in a program's memory is accidentally overwritten or damaged). An attacker with local access (ability to run code on the same machine) can exploit this flaw, and the vulnerability details have been publicly disclosed.
A vulnerability in PyTorch 2.6.0+cu124 affects the torch.mkldnn_max_pool2d function, a component used for processing image data. The vulnerability can cause a denial of service (making a system unavailable), but requires local access to the machine. Whether this vulnerability actually exists is still disputed.
CVE-2025-26265 is a bug in openairinterface5g (software for 5G networks) version 2.1.0 that causes a segmentation fault (a crash when the program tries to access memory it shouldn't). Attackers can exploit this by sending a specially crafted UE Context Modification response (a message in the 5G network setup process) to crash the system and cause a Denial of Service (DoS, making the service unavailable to legitimate users). The underlying issue is improper memory buffer handling (the software doesn't properly check the boundaries of memory it's using).
Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.
A critical vulnerability (CVE-2025-2733) was found in mannaandpoem OpenManus up to version 2025.3.13 in the file app/tool/python_execute.py. The vulnerability allows OS command injection (running unauthorized system commands), which can be triggered remotely by someone with login access. The exploit has been publicly disclosed, and the vendor has not responded to early notification.
Fix: This vulnerability is fixed in version 0.48.7.
NVD/CVE Database
Fix: Revert commit 6b31a9744b8726c69bb0af290f8475a368a4b805 by removing the change that affirmed IDR0.CCTW on apps_smmu in the Linux kernel's arm64 device tree configuration for Qualcomm SDM845.
NVD/CVE Database
Langflow versions before 1.3.0 have a code injection vulnerability (a flaw where attackers can insert and run malicious code) in the /api/v1/validate/code endpoint that allows unauthenticated attackers (those without login credentials) to execute arbitrary code by sending specially crafted HTTP requests (formatted messages to the server). This vulnerability is actively being exploited in the wild.
Fix: Update Langflow to version 1.3.0 or later, as referenced in the official release notes at https://github.com/langflow-ai/langflow/releases/tag/1.3.0. If mitigations are unavailable, discontinue use of the product.
NVD/CVE Database
GitHub Copilot can be customized using instructions from a .github/copilot-instructions.md file in your repository, but security researchers at Pillar Security have identified risks with such custom instruction files (similar to risks found in other AI tools like Cursor). GitHub has responded by updating their Web UI to highlight invisible Unicode characters (characters hidden in text that don't display visibly), referencing both the Pillar Security research and concerns about ASCII smuggling (hiding malicious code in plain-text files using character tricks).
Fix: GitHub made a product change to highlight invisible Unicode characters in the Web UI to help users spot suspicious hidden characters in instruction files.
Embrace The Red
Fix: This vulnerability is fixed in BentoML version 1.4.3. Users should upgrade from v1.4.2 to v1.4.3 or later.
NVD/CVE Database
Three major AI companies (OpenAI, Google, and Anthropic) submitted public comments to the U.S. government's request for input on developing an 'AI Action Plan' in response to President Trump's executive order. The companies largely advocated for increased government investment in AI infrastructure and public-private partnerships, though they framed their arguments differently, with OpenAI notably avoiding the term 'AI safety' in its response despite previous public emphasis on the topic.
Fix: Users should upgrade to version 0.14.1 to obtain a fix for the issue.
NVD/CVE Database
OWASP (Open Worldwide Application Security Project, a nonprofit that helps organizations secure their software) has renamed and promoted its OWASP Top 10 for LLM (large language model, an AI trained on massive amounts of text data) project to the OWASP Gen AI Security Project, expanding its focus from just listing AI vulnerabilities to providing broader guidance on governance, risk management, and compliance for generative AI systems. The project now includes over 600 experts from 18 countries and has published new resources like the Agentic AI Threats and Mitigations Guide (addressing security risks in autonomous AI systems) along with translations in six additional languages.