All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2025-64320 is a code injection vulnerability in Salesforce Agentforce Vibes Extension that occurs because the software doesn't properly filter user input before sending it to an LLM (large language model), allowing attackers to inject malicious code. The vulnerability affects versions before 3.2.0 of the extension.
Fix: Update Salesforce Agentforce Vibes Extension to version 3.2.0 or later.
NVD/CVE DatabaseCVE-2025-10875 is a vulnerability in Salesforce Mulesoft Anypoint Code Builder that allows improper neutralization of input used for LLM prompting (a technique where attackers manipulate AI system instructions through user input), leading to code injection (inserting malicious code into a system). This vulnerability affects versions of the software before 1.11.6.
CVE-2025-12695 is a vulnerability in DSPy (a framework for building AI agents) where an overly permissive sandbox configuration (a restricted environment meant to limit what code can do) allows attackers to steal sensitive files when users build an AI agent that takes user input and uses the PythonInterpreter class (a tool that runs Python code). The vulnerability stems from improper isolation, meaning the sandbox doesn't adequately separate the untrusted code from the rest of the system.
A WordPress plugin called 'Ai Auto Tool Content Writing Assistant' (versions 2.0.7 to 2.2.6) has a security flaw where it doesn't properly check user permissions before allowing the save_post_data() function (a feature that stores post information) to run. This means even low-level users (Subscriber level and above) can create and publish posts they shouldn't be able to, allowing unauthorized modification of website content.
LlamaIndex released version 0.14.7 and several component updates that add new features and fix bugs across the platform. Key updates include integrations with tool-calling features for multiple AI models (Anthropic, Mistral, Ollama), new support for GitHub App authentication, and fixes for failing tests and documentation issues. These changes improve how LlamaIndex connects to different AI services and external tools.
Keras, a machine learning library, has a vulnerability in its keras.utils.get_file function when extracting tar archives (compressed file collections). An attacker can create a malicious tar file with special symlinks (shortcuts to files) that, when extracted, writes files anywhere on the system instead of just the intended folder, giving them unauthorized access to overwrite important system files.
LiteLLM, a tool that helps developers use different AI models through one interface, has a vulnerability where the health endpoint (a checking tool that monitors system status) improperly exposes API_KEY information (secret credentials used to authenticate requests) to attackers who are already authenticated. An attacker with access could steal these stored credentials and use them to compromise the system further.
MLflow Tracking Server contains a directory traversal (a vulnerability where an attacker uses special path characters like '../' to access files outside the intended directory) vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. The flaw stems from insufficient validation of file paths when handling model creation, letting attackers run commands with the privileges of the service account running MLflow.
CVE-2025-11200 is a vulnerability in MLflow that allows remote attackers to bypass authentication (gain access without logging in) because the system has weak password requirements (passwords that are too easy to guess or crack). Attackers can exploit this flaw to access MLflow installations without needing valid credentials.
CVE-2025-12058 is a vulnerability in Keras (a machine learning library) where the load_model method can be tricked into reading files from a computer's local storage or making network requests to external servers, even when the safe_mode=True security flag is enabled. The problem occurs because the StringLookup layer (a component that converts text into numbers) accepts file paths during model loading, and an attacker can craft a malicious .keras file (a model storage format) to exploit this weakness.
Anthropic added network request capabilities to Claude's Code Interpreter, which creates a security risk for data exfiltration (unauthorized stealing of sensitive information). An attacker, either controlling the AI model or using indirect prompt injection (hidden malicious instructions in a document the AI processes), could abuse Anthropic's own APIs to steal data that a user has access to, rather than using typical methods like hidden links.
A Linux kernel vulnerability (CVE-2025-40058) affects Intel VT-d IOMMU (input/output memory management unit, a hardware component that manages memory access for devices) dirty page tracking. Dirty page tracking requires the IOMMU and CPU to keep memory synchronized, but if the IOMMU's page walk (the process of reading memory structure tables) is incoherent (not synchronized), the tracking fails and can cause non-recoverable faults. The fix prevents this misconfiguration by only enabling SSADS (support for dirty tracking) when both ecap_slads and ecap_smpwc hardware capabilities are present.
A SQL injection vulnerability (a type of attack where an attacker inserts malicious SQL code into an application) exists in LangGraph's SQLite storage system, specifically in version 2.0.10 of langgraph-checkpoint-sqlite. The vulnerability happens because the code directly combines user input with SQL commands instead of safely separating them, allowing attackers to steal sensitive data like passwords and API keys, and bypass security protections.
LlamaIndex v0.14.6 is a software update released on October 26, 2025, that fixes various bugs across multiple components including support for parallel tool calls, metadata handling, embedding format compatibility, and SQL injection vulnerabilities (using parameterized queries instead of raw SQL string concatenation). The release also adds new features like async support for retrievers and integrations with new services like Helicone.
FastGPT, an AI Agent building platform, had a vulnerability in its workflow file reading node where network links were not properly verified, creating a risk of SSRF attacks (server-side request forgery, where an attacker tricks the server into making unwanted requests to other systems). The vulnerability affected versions before 4.11.1.
Hugging Face Smolagents version 1.20.0 has an XPath injection vulnerability (a security flaw where attackers can inject malicious code into XPath queries, which are used to search and navigate document structures) in its web browser function. The vulnerability exists because user input is directly inserted into XPath queries without being cleaned, allowing attackers to bypass search filters, access unintended data, and disrupt automated web tasks.
Fix: Update Mulesoft Anypoint Code Builder to version 1.11.6 or later.
NVD/CVE DatabaseFix: Upgrade Keras to version 3.12 or later. The source notes that upgrading Python alone (even to versions like Python 3.13.4 that fix the underlying CVE-2025-4517 vulnerability) is not sufficient; the Keras upgrade is also required.
NVD/CVE DatabaseThis article presents MaxDiv, a technique for machine unlearning, which is the process of removing specific knowledge from an AI model after training to protect privacy, even when the original training data is no longer available. MaxDiv works by creating special synthetic data samples that have opposite characteristics to the data being forgotten, and it uses knowledge distillation (a technique where a model learns to replicate another model's behavior) to ensure important information isn't accidentally lost during the unlearning process.
Fix: A patch is available at the following GitHub commit: https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54
NVD/CVE DatabaseA new benchmark called the Remote Labor Index (RLI) measures whether AI systems can automate real computer work tasks across different professions, showing that current AI agents can only fully automate 2.5% of projects despite improving over time. Additionally, over 50,000 people, including top scientists and Nobel laureates, signed an open letter calling for a moratorium (temporary ban) on developing superintelligence (a hypothetical AI system far more capable than humans) until it can be proven safe and controllable.
This article reviews prompt engineering (the practice of designing inputs like questions or instructions to guide AI systems toward better responses) and analyzes its strengths, weaknesses, opportunities, and threats using a SWOT framework. The review covers how prompt engineering can improve interactions with large language models (advanced AI systems trained on vast amounts of text) across industries like healthcare and education, while also identifying challenges around maintaining accuracy and efficiency.
Fix: Mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported, preventing the IOMMU from being incorrectly configured for dirty page tracking when operating in incoherent mode.
NVD/CVE DatabaseThis paper presents RINNs (reparameterizable integral neural networks), a new type of AI model designed to run efficiently on mobile devices with limited computing power. The key innovation is a reparameterization strategy that converts the complex mathematical structure used during training into a simpler feed-forward structure (a straightforward sequence of processing steps) at inference time, allowing these models to achieve high accuracy (79.1%) while running very fast (0.87 milliseconds) on mobile hardware.
Fix: The source explicitly mentions one security fix: 'Replace raw SQL string interpolation with proper SQLAlchemy parameterized APIs in PostgresKVStore' (llama-index-storage-kvstore-postgres #20104). Users should update to v0.14.6 to receive this and other bug fixes. No other specific mitigation steps are described in the release notes.
LlamaIndex Security ReleasesFix: Update FastGPT to version 4.11.1 or later, as this issue has been patched in that version.
NVD/CVE DatabaseFix: The issue is fixed in version 1.22.0. Users should upgrade Hugging Face Smolagents to version 1.22.0 or later.
NVD/CVE Database