All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
vLLM is a serving engine for running large language models, and versions 0.6.4 through 0.11.x have a vulnerability where attackers can crash the server by sending a tiny 1x1 pixel image to models using the Idefics3 vision component, causing a dimension mismatch (a size incompatibility between data structures) that terminates the entire service.
Fix: This issue has been patched in version 0.12.0. Users should upgrade to vLLM version 0.12.0 or later.
NVD/CVE DatabaseThe Autogen Headers Menu WordPress plugin (all versions up to 1.0.1) has a stored cross-site scripting vulnerability (XSS, where attackers inject malicious scripts into web pages) in the 'head_class' parameter of the 'autogen_menu' shortcode. Authenticated attackers with Contributor-level access or higher can exploit insufficient input sanitization and output escaping to inject arbitrary scripts that execute when users view affected pages.
The BetterDocs plugin for WordPress (all versions up to 4.3.3) has a vulnerability that exposes sensitive information, allowing authenticated attackers with contributor-level access or higher to extract data including OpenAI API keys stored in the plugin settings through the scripts() function. This affects any WordPress site using the plugin where users have contributor-level permissions or above.
LibreChat version 0.8.1-rc2 has a server-side request forgery vulnerability (SSRF, where an attacker tricks a server into making requests to unintended targets) because the Actions feature allows agents to access any remote service without restrictions, including internal components like the RAG API (retrieval-augmented generation system that pulls in external documents). This means attackers could potentially use LibreChat to access internal systems they shouldn't reach.
LibreChat version 0.8.1-rc2 has an access control vulnerability where authenticated attackers (users who have logged in) can read permissions of any agent (a predefined AI assistant with specific instructions) without proper authorization, even if they shouldn't have access to that agent. If an attacker knows an agent's ID number, they can view permissions that other users have been granted for that agent.
LibreChat version 0.8.1-rc2 has a missing authorization (a failure to check if a user has permission to do something) vulnerability that allows an authenticated attacker to upload files to any agent's file storage if they know the agent's ID, even without proper permissions. This could let attackers change how agents behave by adding malicious files.
OpenAirInterface CN5G AMF (a component that handles network requests) versions 2.0.1 and earlier contain a logical error in how they process JSON format requests. Unauthorized attackers can exploit this flaw by sending malicious JSON data to the AMF's SBI interface (the system's network communication endpoint) to cause a denial-of-service attack (making the service unavailable to legitimate users).
OpenAirInterface CN5G AMF (a software component for handling mobile network communications) version 2.1.9 and earlier contains a buffer overflow vulnerability (a memory safety bug where data exceeds allocated space) in how it processes NAS messages (protocol messages used in mobile networks). Remote attackers without authorization can exploit this by sending an unusually long IMSI string (a mobile subscriber identifier) through port N1, potentially crashing the system or running malicious code.
A WordPress plugin called 'Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI' has a security flaw (CWE-862, missing authorization) in versions up to 3.41.0 that allows contributors and higher-level users to add or remove taxonomy terms (tags and categories) on any post, even ones they don't own, due to missing permission checks. This vulnerability affects authenticated users who have contributor-level access or above.
Anthropic's MCP TypeScript SDK (a toolkit for building AI applications) versions up to 1.25.1 has a ReDoS vulnerability (regular expression denial of service, where a maliciously designed input causes the regex parser to work extremely hard and freeze the system) in its UriTemplate class. An attacker can send a specially crafted URI (web address) that makes the Node.js process (the JavaScript runtime environment) consume excessive CPU and stop responding, causing the application to crash or become unavailable.
A security vulnerability (CVE-2025-15453) exists in Milvus versions up to 2.6.7 in the expr.Exec function, where an attacker can manipulate the code argument to trigger deserialization (converting untrusted data back into executable code), allowing remote exploitation with user credentials. The vulnerability has been publicly disclosed and is rated as medium severity (CVSS 5.3).
Langflow, a tool for building AI-powered agents and workflows, has a security flaw in versions before 1.7.0.dev45 where some API endpoints (the interfaces that software uses to communicate and request data) are missing authentication controls (checks to verify who is using them). This allows anyone without a login to access private user conversations, transaction histories, and delete messages. The vulnerability affects endpoints that handle sensitive personal data and system operations.
MessagePack for Java has a denial-of-service vulnerability in versions before 0.9.11 where specially crafted .msgpack files can trick the library into allocating massive amounts of memory. When the library deserializes (reads and converts) these files, it blindly trusts the size information in EXT32 objects (an extension data type) and tries to allocate a byte array matching that size, which can be impossibly large, causing the Java program to run out of memory and crash.
Fix: Update to version 4.3.4 or later, as indicated by the WordPress plugin repository changeset reference showing the fix was applied in that version.
NVD/CVE DatabaseFix: This issue is fixed in version 0.8.2-rc2.
NVD/CVE DatabaseFix: This issue is fixed in version 0.8.2-rc2. Users should update to this version or later.
NVD/CVE DatabaseOut-of-distribution (OoD, inputs that don't match what an AI was trained on) detection in object detection systems causes AI models to make overconfident wrong predictions on objects they shouldn't recognize. This paper reveals that popular benchmark datasets used to test OoD detection have quality problems, where up to 13% of test objects are mislabeled, making current methods appear better than they really are. The authors propose a new training-time approach where object detectors are fine-tuned using carefully created OoD training data that looks similar to normal objects, which reduces false detections by 91% in YOLO models.
Fix: The paper introduces a training-time mitigation paradigm where 'we fine-tune the detector using a carefully synthesized OoD dataset that semantically resembles in-distribution objects.' This approach 'shapes a defensive decision boundary by suppressing objectness on OoD objects' and achieves 'a 91% reduction in hallucination error of a YOLO model on BDD-100 K.' The methodology is shown to work across multiple detection architectures including YOLO, Faster R-CNN, and RT-DETR.
IEEE Xplore (Security & AI Journals)Fix: A fix is planned for the next release 2.6.8.
NVD/CVE DatabaseFix: Update to version 1.7.0.dev45 or later, which contains a patch for this vulnerability.
NVD/CVE DatabaseFix: Update to version 0.9.11 or later, which fixes the vulnerability.
NVD/CVE DatabaseThis article presents a control method for multiple fixed-wing UAVs (unmanned aerial vehicles, or drones) that need to fly together in formation while avoiding collisions and handling unpredictable disturbances. The approach uses reinforcement learning (a type of AI that learns by trial and error) combined with control barrier functions (mathematical tools that enforce safety constraints) to create a system that keeps the UAVs safe and stable while optimizing their performance.
Auto-regressive video diffusion models (AR-VDMs, systems that generate videos by predicting one frame at a time) struggle with two problems: history forgetting, where they lose track of earlier frames they created, and temporal degradation, where video quality gets worse over time. Researchers created Meta-ARVDM, a theoretical framework that analyzes both problems and shows that using more past frames reduces history forgetting, while also introducing a new way to evaluate these models using a "needle-in-a-haystack" test (finding specific content buried in larger data).
This paper presents a mathematical framework for understanding denoising Markov models (generative models that learn to reverse a noising process to create new data). The authors use concepts from statistical mechanics to establish rigorous rules for how these models work, unifying existing approaches like diffusion models and proposing new variations using different types of mathematical processes.
Hallucinations (instances where Large Language Models generate false or misleading content) are a safety problem for AI applications. The paper introduces UQLM, a Python package that uses uncertainty quantification (UQ, a statistical technique for measuring how confident a model is in its answer) to detect when an LLM is likely hallucinating by assigning confidence scores between 0 and 1 to responses.
Fix: The source describes UQLM as 'an off-the-shelf solution for UQ-based hallucination detection that can be easily integrated to enhance the reliability of LLM outputs.' No specific implementation steps, code examples, or version details are provided in the source text.
JMLR (Journal of Machine Learning Research)This paper studies how to improve the accuracy of generative models (AI systems that create new data, like images or text) by using knowledge transfer, where a model trained on one task helps train a model on a different task. The researchers introduce a framework based on 'Shared Embedding,' a technique that finds common patterns between different tasks even when their data looks different, and show that this approach improves performance in two types of generative models: diffusion models (which gradually refine random noise into structured outputs) and normalizing flows (mathematical transformations that learn data distributions).
This research presents a method for converting large-scale weather predictions into detailed local rainfall forecasts using neural networks and statistical models. The approach works in two steps: first, it uses joint generalized neural models (neural networks that predict the parameters of probability distributions) to estimate rainfall distributions based on coarse weather data, and second, it uses a censored latent Gaussian copula (a mathematical model that captures how rainfall patterns are related across nearby locations) to ensure spatial coherence. The method was tested on UK weather data and performed better than existing techniques.