All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A vulnerability (CVE-2025-1953) was found in vLLM AIBrix 0.2.0 in the Prefix Caching component (a feature that speeds up model serving by reusing cached computation for prompt prefixes that repeat across requests). The component uses insufficiently random values, which undermines any security property that relies on those values being unpredictable. The vulnerability is rated low severity and is considered difficult to exploit.
Fix (CVE-2025-1953, vLLM AIBrix): Upgrade to AIBrix 0.3.0, which addresses this issue.
Source: NVD/CVE Database
Pinecone is an experimental overlay routing protocol suite (a set of rules for how computers communicate across a peer-to-peer network) used in P2P Matrix demos. The Pinecone Simulator tool shipped with Pinecone up to commit ea4c337 has a stored cross-site scripting vulnerability (XSS, where attacker-supplied script is saved by the application and runs in the browser of anyone who later views the affected page). The stored payloads live only in the simulator's memory, so they disappear when the simulator restarts.
A reflected cross-site scripting vulnerability (XSS, where attacker-controlled input is echoed straight back into the page without proper output encoding, so a crafted link runs script in the victim's browser) was found in the ChatGPT Open AI Images & Content for WooCommerce plugin, affecting versions up to 2.2.0.
CVE-2025-25185 is a vulnerability in GPT Academic (version 3.91 and earlier) where the software does not validate soft links (symbolic links, special files that point to other files) inside uploaded archives. An attacker can create a soft link that points at a sensitive file on the server, pack it into a tar.gz file and upload it; when the server decompresses the archive the link is created, and any later read of the "uploaded file" follows the link and returns the target's contents, giving the attacker arbitrary file read with the permissions of the server process.
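The following is an added example, not GPT Academic's code, showing how an upload handler should unpack an archive of this kind. It builds a constructed tar.gz in memory containing a symlink member named notes.txt that points at /etc/passwd (the shape of archive the advisory describes), plus a benign archive, and runs both through a safe_extract routine that refuses link and special members and any path that resolves outside the destination. The member names, the /etc/passwd target and the demo() wrapper are assumptions made for illustration.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path


class UnsafeArchiveMember(ValueError):
    """Raised for an archive member that must never be extracted."""


def build_malicious_tar() -> bytes:
    # Constructed sample: a symlink member whose target is a sensitive host
    # file. Once extracted, any later "read the uploaded file" step follows
    # the link and returns /etc/passwd instead of user content.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        link = tarfile.TarInfo("notes.txt")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


def build_benign_tar() -> bytes:
    # Constructed sample: one ordinary file in a subdirectory.
    buf = io.BytesIO()
    data = b"hello"
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def safe_extract(archive: bytes, dest: str) -> list:
    """Extract only regular files and directories that resolve under dest.

    Symlinks, hard links and device nodes are refused before anything is
    written, so a link to /etc/passwd is never created in the first place,
    and "../" or absolute member names cannot escape the destination.
    """
    dest_path = Path(dest).resolve()
    # Python 3.12+ ships tarfile.data_filter; use it as a second layer when
    # available (it also rejects absolute link targets and escaping paths).
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                raise UnsafeArchiveMember(f"link member refused: {member.name}")
            if not (member.isfile() or member.isdir()):
                raise UnsafeArchiveMember(f"special member refused: {member.name}")
            target = (dest_path / member.name).resolve()
            if target != dest_path and dest_path not in target.parents:
                raise UnsafeArchiveMember(f"path escapes destination: {member.name}")
            tar.extract(member, path=str(dest_path), **extra)
            extracted.append(member.name)
    return extracted


def demo() -> dict:
    """Run both constructed archives through safe_extract in a scratch dir."""
    with tempfile.TemporaryDirectory() as workdir:
        try:
            safe_extract(build_malicious_tar(), workdir)
            malicious_rejected = False
        except UnsafeArchiveMember:
            malicious_rejected = True
        names = safe_extract(build_benign_tar(), workdir)
        with open(os.path.join(workdir, "docs", "readme.txt"), "rb") as fh:
            content = fh.read()
    return {
        "malicious_rejected": malicious_rejected,
        "benign_names": names,
        "benign_content": content,
    }
```

Rejecting links outright is the simplest policy for an upload feature that only ever needs regular files; if links must be supported, the target has to be resolved and checked against the destination before the link is created, which is what the standard library's data filter does.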
WireGuard (a VPN protocol implemented in the Linux kernel) had a memory leak in which network packets (skb, socket buffers) were not freed on the IPv6 send path when the kernel was built without IPv6 support. The function is responsible for freeing the skb on failure, but the branch compiled when IPv6 support is turned off returned without doing so.
A bug in the Linux kernel's sfc (Solarflare network) driver caused a kernel panic when creating virtual functions (VFs, virtual network devices that share one physical network card). The crash happened because the driver called vunmap to unmap memory while bottom halves were still disabled, an atomic, interrupt-like context in which that call is not allowed.
A Linux kernel bug in cachefiles (a file caching system) caused a slab-out-of-bounds write (caught by KASAN, the kernel's memory-safety detector, as a write past the end of a heap allocation) when setting extended attributes (xattrs) on cached volumes. The fix uses the actual length of the volume coherency data (metadata describing cache consistency) instead of an incorrect length when writing the attribute.
The EU AI Act includes specific support measures for small and medium-sized enterprises (SMEs, companies with fewer than 250 employees and under €50 million in annual revenue). These measures include regulatory sandboxes (supervised environments in which AI systems can be tested under regulatory guidance before being placed on the market), compliance fees scaled to company size, simplified documentation forms, free training, and dedicated support channels to help SMEs meet the AI Act's requirements.
CVE-2025-21700 is a use-after-free vulnerability (UAF, a memory error in which freed memory is still referenced and can be reused by an attacker) in the Linux kernel's network packet scheduler, triggered by moving a child qdisc (queuing discipline, the component that decides how packets are queued and sent on an interface) from one parent to another. A sequence of commands that sets up conflicting parent-child relationships leaves a dangling reference, and the resulting memory corruption can be used for privilege escalation.
A vulnerability (CVE-2024-3303) was found in GitLab EE (a version control platform for managing code) that allows attackers to exfiltrate the contents of private issues through prompt injection (hiding instructions in content the AI assistant reads so that it follows them as if they came from the user). Affected versions: 16.0 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1; the fixed releases are 17.6.4, 17.7.3 and 17.8.1.
NVIDIA Triton Inference Server has a vulnerability where loading a model with an extremely large file size causes an integer overflow or wraparound (a bug where a number grows past what its storage can hold and wraps around to an incorrect, usually much smaller, value), potentially causing a denial of service (making the server unavailable). The vulnerability exists in the model loading API (the interface used to load AI models into the server).
PandasAI contains a vulnerability where its interactive prompt function can be exploited through prompt injection (tricking the model by hiding instructions in its input): because the code the language model produces is executed, an attacker who controls the prompt can make it emit arbitrary Python and achieve RCE (remote code execution, running commands on a system they do not own) instead of merely obtaining an explanation from the model.
vLLM, a system for running large language models efficiently, has a vulnerability where attackers can craft input that causes hash collisions (two different inputs producing the same cache key) in its prefix cache, allowing them to reuse cached computation from another request and corrupt subsequent responses. The cache keys were derived from Python's built-in hash(); starting with Python 3.12, hash(None) is a fixed, predictable constant, which makes such a collision easier to construct intentionally.
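To make the collision concrete, here is an added example (not vLLM's code) with a toy prefix cache keyed two ways: the weak way, hash() over a (parent key, token ids) tuple, and a hardened way, SHA-256 over a length-prefixed byte encoding of the same data. The token ids, the cache layout and COLLIDING_TOKEN (any integer congruent to 1 modulo Python's hash modulus, so that it hashes exactly like token id 1) are assumptions chosen for illustration; they are not how vLLM's real key is laid out.

```python
import hashlib
import struct
import sys
from typing import Callable, Optional

# Any integer congruent to 1 modulo sys.hash_info.modulus has hash() == 1,
# the same hash as token id 1. On 64-bit CPython the modulus is 2**61 - 1.
COLLIDING_TOKEN = sys.hash_info.modulus + 1


def weak_block_key(parent_key: Optional[int], tokens: tuple) -> int:
    """Key shape of the vulnerable cache: Python's built-in hash over a tuple.

    int.__hash__ is x mod (2**61 - 1), tuple hashing only combines element
    hashes, and since Python 3.12 hash(None) (the root block's parent) is a
    fixed constant, so an attacker can compute other users' keys offline.
    """
    return hash((parent_key, *tokens))


def strong_block_key(parent_key: Optional[bytes], tokens: tuple) -> bytes:
    """Hardened key: SHA-256 over an unambiguous, length-prefixed encoding.

    Distinct (parent, tokens) pairs serialize to distinct byte strings, so a
    collision would require breaking SHA-256 rather than Python's int hash.
    """
    h = hashlib.sha256()
    parent = parent_key or b""
    h.update(struct.pack(">I", len(parent)) + parent)
    h.update(struct.pack(">I", len(tokens)))
    for t in tokens:
        if not 0 <= t < 2**64:
            raise ValueError(f"token id out of range: {t}")
        h.update(struct.pack(">Q", t))
    return h.digest()


class PrefixCache:
    """Minimal prefix cache: one KV entry per (parent, token block) key."""

    def __init__(self, key_fn: Callable):
        self.key_fn = key_fn
        self.store = {}

    def put(self, parent, tokens, kv) -> None:
        self.store[self.key_fn(parent, tokens)] = kv

    def get(self, parent, tokens):
        return self.store.get(self.key_fn(parent, tokens))


def demo() -> dict:
    victim_tokens = (1, 42, 17)                  # constructed block of token ids
    attacker_tokens = (COLLIDING_TOKEN, 42, 17)  # same element hashes, different tokens

    weak = PrefixCache(weak_block_key)
    weak.put(None, victim_tokens, "victim KV block")
    strong = PrefixCache(strong_block_key)
    strong.put(None, victim_tokens, "victim KV block")

    return {
        "weak_keys_collide": weak_block_key(None, victim_tokens)
        == weak_block_key(None, attacker_tokens),
        "weak_cache_hit": weak.get(None, attacker_tokens),
        "strong_cache_hit": strong.get(None, attacker_tokens),
    }
```

The attacker's block here uses a token id far outside any real vocabulary; rejecting out-of-range ids at the API boundary is a separate, worthwhile check, but it does not replace a collision-resistant key, since the same trick works with any pair of ids that happen to share a hash.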
MDC is a tool that renders Markdown into documents that work with Vue components (a JavaScript framework for building user interfaces). In affected versions, MDC does not properly validate URLs in Markdown: an attacker can smuggle in a JavaScript URL by writing part of it as hex-encoded HTML entities, which the validator does not recognize but the browser decodes. This leads to XSS (cross-site scripting, where unauthorized code runs in a user's browser) if the tool processes untrusted Markdown.
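The general lesson, decode the way the browser will before you check the scheme, is shown below as an added example that is not MDC's code. It pairs a naive validator that inspects the raw Markdown string with a hardened one that unescapes HTML entities, strips the control characters an HTML parser ignores, and allowlists the scheme. The sample URLs and the allowlist contents are assumptions; the exact bypass string used against MDC is not given on this page.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}
# Characters an HTML parser discards inside a URL before resolving the scheme.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")
# A URL scheme: a letter followed by letters, digits, "+", "-" or ".", then ":".
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def naive_is_safe_url(url: str) -> bool:
    """Flawed order of operations: inspect the raw Markdown text.

    "&#x6A;avascript:..." does not start with "javascript:", so it passes,
    yet once it lands in an href the browser decodes the entity and runs it.
    """
    return not url.strip().lower().startswith("javascript:")


def hardened_is_safe_url(url: str) -> bool:
    """Canonicalise the way a browser will, then allowlist the scheme."""
    decoded = url
    for _ in range(3):  # undo nested encodings such as "&amp;#x6A;"
        nxt = html.unescape(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = _IGNORED.sub("", decoded)
    match = _SCHEME.match(decoded)
    if match is None:
        return True  # relative link, resolved against the page's own origin
    return match.group(1).lower() in ALLOWED_SCHEMES


def classify(urls) -> dict:
    """Return {url: (naive_verdict, hardened_verdict)} for a batch of links."""
    return {u: (naive_is_safe_url(u), hardened_is_safe_url(u)) for u in urls}
```

Checking the scheme with an allowlist rather than a blocklist is deliberate: data: and vbscript: URLs would slip past a javascript:-only check, and a future scheme nobody has thought of is rejected by default.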
vLLM loads model weights from HuggingFace through a function that calls torch.load, PyTorch's function for loading saved model data. The call is made with weights_only=False, so the file is deserialized as a full Python pickle without restriction. A malicious model file can therefore run arbitrary code on the host while it is being loaded (deserialization of untrusted data, where code runs as saved data is converted back into objects).
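An added example (not vLLM's or PyTorch's code) of the mechanism and the mitigation, using the standard library's pickle so it runs without torch installed. A booby-trapped object's __reduce__ names a callable to run at load time; here it is os.getpid, chosen because its return value proves the call executed without doing harm, where a real payload would name os.system. The allowlisting RestrictedUnpickler is the same idea torch.load applies when weights_only=True; the allowlist contents and the constructed state dict are assumptions.

```python
import collections
import io
import os
import pickle


class MaliciousCheckpoint:
    """Stand-in for a booby-trapped model file.

    pickle honours __reduce__: on load it calls the returned callable with
    the returned arguments. os.getpid is used so the demo stays harmless;
    a real payload would name os.system or subprocess.Popen instead.
    """

    def __reduce__(self):
        return (os.getpid, ())


def malicious_blob() -> bytes:
    return pickle.dumps(MaliciousCheckpoint())


def benign_blob() -> bytes:
    # Constructed sample of the shape of a checkpoint's state dict.
    state = collections.OrderedDict(
        [("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])]
    )
    return pickle.dumps(state)


def unsafe_load(blob: bytes):
    """Equivalent of torch.load(..., weights_only=False): unrestricted pickle."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from an allowlist; refuse everything else.

    This is the idea behind torch.load(weights_only=True): a handful of
    container types is enough to rebuild weights, so any other global name
    in the stream is a sign of a tampered file.
    """

    ALLOWED = {
        ("collections", "OrderedDict"),
    }

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    try:
        safe_load(malicious_blob())
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return {
        "unsafe_ran_callable": unsafe_load(malicious_blob()) == os.getpid(),
        "safe_refused_malicious": refused,
        "safe_benign": dict(safe_load(benign_blob())),
    }
```

The restricted loader rejects the malicious file before any callable runs, because find_class is consulted while the stream is being parsed, not after. For weights that come from a third party, formats that carry no code at all (such as safetensors) remove the problem entirely rather than filtering it.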
The LearnPress WordPress LMS Plugin has a stored cross-site scripting vulnerability (XSS, where attacker-supplied script is saved by the site and runs whenever others view the affected page) in all versions up to and including 4.2.7.5, caused by lesson names not being properly sanitized on input and escaped on output. Attackers with instructor-level access or higher can inject scripts that execute whenever a user visits an affected page.
The Jobify WordPress theme (versions up to and including 4.2.7) has a missing authorization vulnerability: two AI image functions lack a capability check, so unauthenticated attackers can call them directly. Attackers can exploit this to upload image files fetched from arbitrary locations and to generate AI images using the site's OpenAI API key, running up the site owner's bill without permission.
CVE-2024-24443 is a vulnerability in OpenAirInterface CN5G AMF (the core-network component that manages mobile device registration and connections) up to version 2.0.0. An uninitialized pointer dereference (using a memory address that was never set up) in one of its message-handling routines lets an attacker cause a denial of service by sending a crafted PDU Session Resource Setup Response (a specially constructed signalling message).
Fix (GPT Academic, CVE-2025-25185): A patch is available at https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949
Source: NVD/CVE Database
Fix (WireGuard skb leak): The patch adds a kfree_skb() call (the function that frees socket buffer memory) so the skb is freed in the send6 function when CONFIG_IPV6 is disabled.
Source: NVD/CVE Database
Fix (sfc VF kernel panic): The patch re-enables bottom-half processing (BH) before releasing the DMA coherent buffer (a block of memory shared between the device and the CPU for direct memory access). With BH enabled, vunmap runs outside the atomic context in which it would crash.
Source: NVD/CVE Database
Fix (cachefiles slab-out-of-bounds): Use the actual length of the volume coherency data when setting the xattr, which avoids the slab-out-of-bounds write in cachefiles_set_volume_xattr.
Source: NVD/CVE Database
Fix (EU AI Act SME support measures): The source explicitly lists several measures to ease SME compliance: (1) regulatory sandboxes with free access and simple procedures for SMEs to test AI systems under controlled conditions, (2) assessment fees proportional to SME size, reviewed regularly to lower costs, (3) simplified technical documentation forms developed by the Commission and accepted by national authorities, (4) training activities tailored to SMEs, (5) dedicated guidance channels to answer compliance questions, and (6) proportionate obligations for AI model providers, with separate Key Performance Indicators for SMEs under the Code of Practice.
Source: EU AI Act Updates
ChatGPT Operator is an AI agent that controls a web browser to complete tasks. Because it reads whatever the pages it visits contain, it is exposed to prompt injection (hiding malicious instructions in content the agent processes), which could let an attacker exfiltrate data or make the agent take unauthorized actions. OpenAI has implemented three defensive layers: user monitoring, so the user watches what the agent does; inline confirmation requests within the chat asking the user to approve actions; and out-of-band confirmation requests that appear when the agent crosses website boundaries. These mitigations reduce the risk but are not foolproof.
Fix (ChatGPT Operator prompt injection): OpenAI has implemented three primary mitigation techniques: (1) User Monitoring, where users are prompted to observe what Operator is doing, what text it types and which buttons it clicks, likely driven by a data classification model that detects sensitive information on screen; (2) Inline Confirmation Requests, where Operator asks the user within the chat conversation to approve certain actions or clarify the request before proceeding; and (3) Out-of-Band Confirmation Requests, which appear when Operator navigates across websites or performs complex actions, telling the user what is about to happen and offering the option to pause or resume the operation.
Source: Embrace The Red
Fix (Linux qdisc use-after-free, CVE-2025-21700): The patch prevents the vulnerability by disallowing the replacement of a child qdisc from one parent to another. As the source puts it: "The semantics of 'replace' is for a del/add _on the same node_ and not a delete from one node(3:1) and add to another node (1:3)... the patch takes the preventive approach of 'disallow such config'." The kernel now rejects attempts to move a qdisc between different parents.
Source: NVD/CVE Database
Google's Gemini can be tricked into storing false information in a user's long-term memory through prompt injection (hidden malicious instructions embedded in a document) combined with delayed tool invocation (the injected instructions tell the model to call a tool only after the user utters a trigger word, so the action is taken later, apparently at the user's request). An attacker crafts a document that looks normal but instructs Gemini to save false information about the user if the user replies with certain words, such as "yes" or "no", later in the same conversation.
Fix (vLLM prefix-cache hash collision): This issue has been addressed in vLLM 0.7.2 and all users are advised to upgrade. There are no known workarounds.
Source: NVD/CVE Database
Fix (MDC URL validation XSS): Upgrade to MDC 0.13.3 or later. The source states: "This vulnerability has been addressed in version 0.13.3 and all users are advised to upgrade."
Source: NVD/CVE Database
Fix (vLLM torch.load deserialization): This vulnerability is fixed in vLLM v0.7.0. Users should upgrade to that version or later.
Source: NVD/CVE Database
Fix (LearnPress stored XSS): A patch is available at https://plugins.trac.wordpress.org/changeset/3226650/ according to Wordfence. Users should update the LearnPress plugin to a version newer than 4.2.7.5.
Source: NVD/CVE Database