aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6490 items

CVE-2025-62222: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat E

highvulnerability
security
Nov 11, 2025
CVE-2025-62222

CVE-2025-62222 is a command injection vulnerability (where an attacker tricks software into running unintended commands) in the Visual Studio Code CoPilot Chat Extension that allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper neutralization of special elements in commands and inadequate input validation (checking that data is safe before using it).

NVD/CVE Database

An Ensemble Link Prediction Model for Sparse Knowledge Graphs With Drifting Entity

inforesearchPeer-Reviewed
research

On Continuity of Robust and Accurate Classifiers

inforesearchPeer-Reviewed
research

CVE-2025-64513: Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a

criticalvulnerability
security
Nov 10, 2025
CVE-2025-64513

Milvus, an open-source vector database (a specialized database that stores and searches data based on similarity patterns, used in AI applications), has a critical vulnerability in older versions that allows attackers to skip authentication and gain full admin control over the database without needing a password. This means attackers could read, change, or delete any data and perform administrative tasks like managing databases.

v0.14.8

lownews
security
Nov 10, 2025

This release notes document describes version updates across multiple llama-index (a framework for building AI applications with language models) components, including fixes for bugs like a ReActOutputParser (a tool that interprets AI agent outputs) getting stuck, improved support for multiple AI model providers like OpenAI and Google Gemini, and updates to various integrations with external services. The updates span from core functionality fixes to documentation improvements and SDK compatibility updates across dozens of sub-packages.

CVE-2025-64504: Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2

mediumvulnerability
security
Nov 10, 2025
CVE-2025-64504

Langfuse, an open source platform for managing large language models, had a vulnerability in versions 2.70.0 through 2.95.10 and 3.x through 3.124.0 where the server didn't properly check which organization a user belonged to, allowing any authenticated user to see names and email addresses of members in other organizations if they knew the target organization's ID. The vulnerability required the attacker to have a valid account on the same Langfuse instance and knowledge of the target organization's ID, and no customer data like traces, prompts, or evaluations were exposed.

ABAE-RTN: A Deep Learning Framework for Robust Physical Layer Security in Radio Transformer Networks

inforesearchPeer-Reviewed
research

CVE-2025-11972: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection

mediumvulnerability
security
Nov 8, 2025
CVE-2025-11972

A WordPress plugin called Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI has a SQL injection vulnerability (a security flaw where attackers can insert harmful database commands into the plugin's code) in versions up to 3.40.0. Attackers with Editor-level access or higher can exploit the 'post_types' parameter to extract sensitive information from the website's database because the plugin doesn't properly clean up user input before using it in database queries.

CVE-2025-64187: OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vul

mediumvulnerability
security
Nov 6, 2025
CVE-2025-64187

OctoPrint, a web interface for controlling 3D printers, has a vulnerability in versions 1.11.3 and below that allows attackers to inject malicious HTML and JavaScript (code that runs in web browsers) into printer notifications. An attacker could trick a user into printing a specially crafted file to disrupt prints, steal sensitive information, or perform unauthorized actions on the user's OctoPrint system.

v5.1.0

inforesearchIndustry
security

CVE-2025-12488: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This

criticalvulnerability
security
Nov 6, 2025
CVE-2025-12488

A vulnerability in oobabooga text-generation-webui (CVE-2025-12488) allows attackers to execute arbitrary code (running any commands they want on a system) by exploiting the trust_remote_code parameter in the load endpoint. The flaw occurs because the software doesn't properly validate user input before using it to load a model, and no authentication is required to exploit it.

CVE-2025-12487: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This

criticalvulnerability
security
Nov 6, 2025
CVE-2025-12487

A vulnerability in oobabooga text-generation-webui allows attackers to run arbitrary code (unauthorized commands) on the system without needing to log in. The flaw occurs because the software doesn't properly check user input for the trust_remote_code parameter before using it to load a model, letting attackers execute code with the same permissions as the service.

CVE-2025-62039: Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator

highvulnerability
security
Nov 6, 2025
CVE-2025-62039

A vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator (version 2.6.6 and earlier) allows sensitive information to be exposed when data is sent. The flaw, called CWE-201 (insertion of sensitive information into sent data), means attackers could potentially retrieve embedded sensitive data from the plugin.

FUBA: Backdoor Federated Learning via Federated Unlearning

inforesearchPeer-Reviewed
security

CVE-2025-12360: The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to

mediumvulnerability
security
Nov 6, 2025
CVE-2025-12360

The Better Find and Replace plugin for WordPress (versions up to 1.7.7) has a security flaw where a function called rtafar_ajax() doesn't properly check user permissions, allowing low-level authenticated users (Subscriber-level access) to trigger OpenAI API key usage and consume quota, potentially costing money. This happens because the code is missing a capability check (a permission verification system that controls what users can do).

Modifying AI Under the EU AI Act: Lessons from Practice on Classification and Compliance

inforegulatory
policy
Nov 5, 2025

Under the EU AI Act, organizations that modify existing AI systems or general-purpose AI models (GPAI models, which are foundational AI systems designed to perform many different tasks) may become legally classified as "providers" and face significant compliance responsibilities. The article explains that modifications triggering higher compliance burdens typically involve high-risk AI systems or substantial changes to a GPAI model's capabilities or generality, such as fine-tuning (customizing a model for specific tasks). Proper assessment of whether a modification triggers provider status is critical, since misclassification can result in fines up to €15 million or 3% of global annual revenue.

Source Camera Model Identification via Federated Learning Using Laplacian-Based Patches

inforesearchPeer-Reviewed
research

CVE-2025-64110: Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen

highvulnerability
security
Nov 4, 2025
CVE-2025-64110

Cursor, a code editor designed for programming with AI, has a logic bug in versions 1.7.23 and below that allows attackers to bypass cursorignore (a file that protects sensitive files from being read). An attacker who has already performed prompt injection (tricking an AI by hiding instructions in its input) or controls a malicious AI model could create a new cursorignore file to override existing protections and access protected files.

CVE-2025-64108: Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a pr

highvulnerability
security
Nov 4, 2025
CVE-2025-64108

Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions 1.7.44 and below where attackers can exploit NTFS path quirks (special behaviors of Windows file systems) to bypass file protection rules and overwrite files that normally require human approval, potentially leading to RCE (remote code execution, where an attacker can run commands on a system they don't own). This attack requires chaining with prompt injection (tricking an AI by hiding instructions in its input) or a malicious AI model, and only affects Windows systems using NTFS.

CVE-2025-64107: Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may

highvulnerability
security
Nov 4, 2025
CVE-2025-64107

Cursor, a code editor designed for AI-assisted programming, had a security flaw in versions 1.7.52 and below where attackers could bypass safety checks on Windows machines. While the software blocked path manipulation (tricks to access files in unintended ways) using forward slashes and required human approval, the same trick using backslashes was not detected, potentially allowing an attacker with prompt injection access (hidden malicious instructions in AI inputs) to run arbitrary code and overwrite important files without permission.

Previous238 / 325Next
Nov 11, 2025

This research addresses the problem of incomplete knowledge graphs (databases of connected facts about entities) by proposing a new model called TEDD that predicts missing relationships between entities. The model combines both structural information from the graph and text information, and uses a specialized transformer technique (BERT, a language processing model) to reduce computational costs and handle entities that change over time in dynamic knowledge graphs.

IEEE Xplore (Security & AI Journals)
safety
Nov 11, 2025

This research paper argues that the real problem with machine learning classifiers isn't that robustness (resistance to adversarial attacks, where small malicious changes trick the AI) and accuracy are fundamentally opposed, but rather that continuous functions (smooth mathematical functions without jumps or breaks) cannot achieve both properties simultaneously. The authors propose that effective robust and accurate classifiers should use discontinuous functions (functions with breaks or sudden changes) instead, and show that understanding this continuity property is crucial for building, analyzing, and testing modern machine learning models.

IEEE Xplore (Security & AI Journals)

Fix: Upgrade to Milvus versions 2.4.24, 2.5.21, or 2.6.5. Alternatively, if upgrading immediately is not possible, remove the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before requests reach the Milvus Proxy component. This prevents attackers from exploiting the authentication bypass.

NVD/CVE Database
LlamaIndex Security Releases

Fix: Upgrade to patched versions: v2.95.11 for major version 2 or v3.124.1 for major version 3. According to the source, 'there are no known workarounds' and 'upgrading is required to fully mitigate this issue.'

NVD/CVE Database
Nov 10, 2025

This research presents ABAE-RTN, a deep learning framework that improves security in wireless radio networks by using adaptive beamforming (technology that focuses radio signals toward intended receivers) and autoencoders (neural networks that learn to compress and reconstruct data) to protect against eavesdropping. The system adds artificial noise to disrupt attackers while maintaining communication quality, and adjusts its signal patterns in real time to handle changing channel conditions. Testing shows it outperforms other AI approaches like LSTM (long short-term memory, a type of neural network good at processing sequences) in protecting wireless communications.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database

Fix: This issue is fixed in version 1.11.4. Users should update OctoPrint to version 1.11.4 or later.

NVD/CVE Database
research
Nov 6, 2025

ATLAS Data v5.1.0 is an updated framework that documents security threats and defenses related to AI systems, now containing 16 tactics, 84 techniques, and 32 mitigations. The update adds new attack methods targeting AI, such as prompt injection (tricking an AI by hiding instructions in its input), deepfake generation, and data theft from AI services, along with new defensive measures like human oversight of AI agent actions and restricted permissions for AI tools. It also includes 42 real-world case studies showing how these attacks and defenses apply in practice.

MITRE ATLAS Releases
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
research
Nov 6, 2025

Researchers discovered a new attack called FUBA (federated unlearning backdoor attack) that exploits a privacy feature in federated learning (a technique where multiple parties train an AI model together without sharing their raw data). The attack uses malicious unlearning requests, which are supposed to let participants remove their data from a trained model, to secretly inject backdoors (hidden harmful behaviors) into the model instead. The attack is difficult to detect because it hides from existing security defenses.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database
EU AI Act Updates
Nov 5, 2025

This research proposes FedFFTNet, a system for identifying which camera model took a photo by using federated learning (a technique where AI models train on data kept private across multiple devices rather than sharing raw data centrally). The system uses a lightweight deep learning architecture and a Laplacian-based patch selection strategy (focusing on sharp, detailed areas of images) to identify cameras while maintaining privacy, achieving very high accuracy rates on standard benchmark datasets.

IEEE Xplore (Security & AI Journals)

Fix: Update to version 2.0, where this issue is fixed.

NVD/CVE Database

Fix: This issue is fixed in version 2.0. Users should upgrade to version 2.0 or later.

NVD/CVE Database

Fix: This issue is fixed in version 2.0.

NVD/CVE Database