aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6493 items

Nonstandard Sinks Matter: A Comprehensive and Efficient Taint Analysis Framework for Vulnerability Detection in Embedded Firmware

inforesearchPeer-Reviewed
research
Oct 8, 2025

Researchers developed BPDA, a method for finding security vulnerabilities in embedded firmware (software that runs on devices like routers and IoT devices) by tracking how user input flows through code to reach dangerous functions called sinks. The method is faster and more accurate than existing tools, discovering 163 real vulnerabilities including 34 previously unknown ones when tested on firmware from major manufacturers.

IEEE Xplore (Security & AI Journals)

CVE-2025-11445: A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webv

mediumvulnerability
security
Oct 8, 2025
CVE-2025-11445

Kilo Code versions up to 4.86.0 contain a vulnerability in the ClineProvider function that allows prompt injection (tricking an AI by hiding instructions in its input) through improper handling of special characters. The vulnerability can be exploited remotely and has already been made public.

CVE-2025-6242: A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimod

highvulnerability
security
Oct 7, 2025
CVE-2025-6242

A Server-Side Request Forgery (SSRF) vulnerability, a weakness that lets attackers trick a server into making unwanted requests to internal resources, exists in the MediaConnector class of the vLLM project's multimodal feature set. The vulnerability occurs in the load_from_url and load_from_url_async methods, which fetch media from user-provided URLs without properly checking which hosts are allowed, potentially allowing attackers to access internal network resources through the vLLM server.

CVE-2023-53667: In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutM

mediumvulnerability
security
Oct 7, 2025
CVE-2023-53667

A bug in the Linux kernel's CDC NCM network driver (cdc_ncm_check_tx_max function) caused a crash when dwNtbOutMaxSize (a device setting that specifies maximum transmission buffer size) was set to very low values. The problem occurred because memory allocated for network data packets (SKBs, which are data structures for handling network traffic) didn't have enough space for both the SKB header structures and the actual network data, causing the kernel to panic when trying to write data beyond the allocated bounds.

CVE-2025-61784: LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF

highvulnerability
security
Oct 7, 2025
CVE-2025-61784

LLaMA-Factory, a library for customizing large language models, has a vulnerability in versions before 0.9.4 that allows authenticated users to exploit SSRF (server-side request forgery, where the server is tricked into making requests to unintended destinations) and LFI (local file inclusion, where attackers can read files directly from the server) by providing malicious URLs to the chat API. The vulnerability exists because the code doesn't validate URLs before making HTTP requests, allowing attackers to access sensitive internal services or read arbitrary files from the server.

CVE-2025-59425: vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support

highvulnerability
security
Oct 7, 2025
CVE-2025-59425

vLLM, a system for running and serving large language models, had a security weakness in how it checked API keys (secret codes that authenticate users) before version 0.11.0rc2. The validation used a basic string comparison that took longer to complete the more correct characters an attacker guessed, allowing them to figure out the key one character at a time through a timing attack (analyzing how long the system takes to respond). This weakness could let attackers bypass authentication and gain unauthorized access.

Octopus: A Robust and Privacy-Preserving Scheme for Compressed Gradients in Federated Learning

inforesearchPeer-Reviewed
research

Model Stability Defense Against Model Poisoning in Federated Learning

inforesearchPeer-Reviewed
security

EEG-FE_rrRS: A Robust and Reusable EEG Recognition System Using Fuzzy Extractor

inforesearchPeer-Reviewed
research

CVE-2025-6985: The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attac

highvulnerability
security
Oct 6, 2025
CVE-2025-6985

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 has a vulnerability where it unsafely parses XSLT stylesheets (instructions that transform XML data), allowing attackers to read sensitive files like SSH keys or environment configurations without needing special access. This XXE (XML External Entity, a type of injection attack that exploits how XML parsers handle external files) attack works by default in older versions of the underlying lxml library and can still work in newer versions unless specific security controls are added.

CVE-2025-61687: Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in

highvulnerability
security
Oct 6, 2025
CVE-2025-61687

Flowise version 3.0.7 has a file upload vulnerability that lets authenticated users (people with login access) upload any file type without proper checks. Attackers can upload malicious Node.js web shells (programs that let someone run commands on a server remotely), which stay on the server and could lead to RCE (remote code execution, where an attacker runs commands on a system they don't own) if activated through admin mistakes or other vulnerabilities.

CVE-2025-59159: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode

criticalvulnerability
security
Oct 6, 2025
CVE-2025-59159

SillyTavern, a locally installed interface for interacting with text generation AI models and other AI tools, has a vulnerability in versions before 1.13.4 that allows DNS rebinding (a network attack where an attacker tricks your computer into connecting to a malicious server by manipulating domain name lookups) to let attackers install harmful extensions, steal chat conversations, or create fake login pages. The vulnerability affects the web-based user interface and could be exploited especially when the application is accessed over a local network without SSL (encrypted connections).

AttackDeceiver: Anti-Spoofing Automotive Radar System Using a Phase-Shifted Interleaving Waveform

inforesearchPeer-Reviewed
security

Shift Your Shape: Correlating and Defending Mixnet Flows Based on Their Shapes

inforesearchPeer-Reviewed
security

Revealing the Risk of Hyper-Parameter Leakage in Deep Reinforcement Learning Models

inforesearchPeer-Reviewed
security

PrivESD: A Privacy-Preserving Cloud-Edge Collaborative Logistic Regression Model Over Encrypted Streaming Data

inforesearchPeer-Reviewed
security

Syntax-Oriented Shortcut: A Syntax Level Perturbing Algorithm for Preventing Text Data From Being Learned

inforesearchPeer-Reviewed
research

Hard Sample Mining: A New Paradigm of Efficient and Robust Model Training

inforesearchPeer-Reviewed
research

FedMPS: Federated Learning in a Synergy of Multi-Level Prototype-Based Contrastive Learning and Soft Label Generation

inforesearchPeer-Reviewed
research

Three-Dimensional Multiobject Tracking Based on Voxel Masking Encoder and Deep Hashing Paradigm

inforesearchPeer-Reviewed
research
Previous242 / 325Next

Fix: Applying a patch is the recommended action to fix this issue, as stated in the source material.

NVD/CVE Database
NVD/CVE Database

Fix: The fix clamps dwNtbOutMaxSize to a valid range between USB_CDC_NCM_NTB_MIN_OUT_SIZE and CDC_NCM_NTB_MAX_SIZE_TX, ensuring that enough memory space is allocated to handle both the CDC network data and the SKB header structures without overflow.

NVD/CVE Database

Fix: Update to version 0.9.4 or later, which fixes the underlying issue.

NVD/CVE Database

Fix: Update vLLM to version 0.11.0rc2 or later, which fixes the issue.

NVD/CVE Database
privacy
Oct 7, 2025

Federated learning (a way for multiple parties to train an AI model together without sharing their raw data with a central server) normally requires many communication rounds that waste bandwidth and can leak private information. Existing compression methods reduce communication but ignore privacy risks and fail when some clients disconnect. Octopus addresses these issues by using Sketch (a data compression technique) to compress gradients (the direction and size of updates to a model), adding protective masks around the compressed data, and including a strategy to handle disconnected clients.

Fix: Octopus employs Sketch to compress gradients and embeds masks for the compressed gradients to safeguard them while reducing communication overhead. The scheme proposes an anti-disconnection strategy to support model updates even when some clients are disconnected.

IEEE Xplore (Security & AI Journals)
research
Oct 7, 2025

Federated learning (a training method where multiple parties collaborate to build an AI model without sharing raw data) is vulnerable to model poisoning attacks (where attackers inject harmful updates during training to break the model). This paper proposes MSDFL and HMSDFL, new defensive approaches that strengthen models by improving their stability, meaning they become less sensitive to small changes in their internal parameters, making them more resistant to these poisoning attacks.

Fix: The source explicitly describes the solution: 'we introduce a new method named Model Stability Defense for Federated Learning (MSDFL), designed to fortify the defense of FL systems against model poisoning attacks. MSDFL utilizes a minmax optimization framework, which is fundamentally linked to empirical risk for exploring the effects of model perturbations. The core aim of our approach is to minimize the norm of the model-output Jacobian matrix without compromising predictive performance, thereby establishing defense through enhanced model stability.' The paper also proposes 'a refined version of MSDFL, named Holistic Model Stability Defense for Federated Learning (HMSDFL), which considers model stability across all output dimensions of the logits to effectively eradicate the disparity in model convergence speed induced by MSDFL.'

IEEE Xplore (Security & AI Journals)
Oct 7, 2025

EEG-FE_rrRS is a biometric recognition system that uses brain wave signals (EEG, electroencephalogram) and a fuzzy extractor (a cryptographic tool that converts messy biometric data into secure, consistent digital codes) to create unique digital identities for users in applications like drones and virtual worlds. The system combines EEG signal processing with a fuzzy extractor framework and demonstrates high accuracy in recognizing individuals, achieving nearly perfect results on certain datasets.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database
NVD/CVE Database

Fix: The vulnerability has been patched in version 1.13.4. Users should update to this version. The fix includes a new server configuration setting called `hostWhitelist.enabled` in the config.yaml file or the `SILLYTAVERN_HOSTWHITELIST_ENABLED` environment variable that validates hostnames in incoming HTTP requests against an allowed list. The setting is disabled by default for backward compatibility, but users are encouraged to review their server configurations and enable this protection, especially if hosting over a local network without SSL.

NVD/CVE Database
Oct 6, 2025

Millimeter-wave radars (mmWave, sensors that use radio waves to detect objects) used in autonomous vehicles can be tricked by attackers who send false signals to distort what the radar perceives, potentially causing dangerous driving behavior. AttackDeceiver is a new anti-spoofing system (a defense against false signal attacks) that uses a phase-shifted interleaving waveform (a specially designed radio signal pattern) to detect fake targets by comparing readings from two independent channels, and it also tricks adaptive attackers into creating unrealistic fake objects that are easier to identify.

Fix: The source describes the AttackDeceiver system itself as the mitigation. It works by comparing range and velocity estimates from two independent virtual channels to detect and mitigate spoofing attacks, and by inducing attackers to generate false targets with unrealistic velocity fluctuations that can be identified. The prototype achieved false target recall exceeding 97.9% and signal-to-interference-plus-noise ratio enhancement exceeding 13.46 dB.

IEEE Xplore (Security & AI Journals)
Oct 6, 2025

Researchers demonstrated a flow correlation attack against Nym, a mixnet (a network system that hides which user is communicating with which destination by routing traffic through multiple nodes). By analyzing the pattern and rate of data packets, an attacker controlling entry and exit gateways can use a neural network (a machine learning model inspired by how brains process information) to match incoming flows with outgoing flows with very high accuracy. The study tested five defense strategies and found that using the right combination of countermeasures at appropriate scales can meaningfully reduce the attack's effectiveness.

Fix: The source states: 'the right choice and scale of countermeasure(s) can offer meaningful protection' and mentions that 'five evaluated defense strategies' were tested. However, the source does not explicitly specify which countermeasures to implement, their names, configuration details, or version updates. The text only notes that 'steps a mixnet such as Nym can take to make our attack both less likely and less accurate' exist but does not detail them.

IEEE Xplore (Security & AI Journals)
research
Oct 6, 2025

Researchers discovered that hyper-parameters (settings that control how a deep reinforcement learning model learns and behaves) can be leaked from closed-box DRL models, meaning attackers can figure out these secret settings just by observing how the model responds to different situations. They created an attack called HyperInfer that successfully inferred hyper-parameters with over 90% accuracy, showing that even restricted AI models may expose information that was meant to stay hidden.

IEEE Xplore (Security & AI Journals)
research
Oct 6, 2025

PrivESD is a new system that allows machine learning classification (logistic regression, a technique for categorizing data) to work on encrypted streaming data (continuously flowing information that's been scrambled for privacy) while stored in the cloud. The system splits the computational work between cloud servers and edge devices (computers closer to where data originates) to reduce processing burden and privacy risks, and uses special encryption methods that still allow the system to compare values without revealing the actual data.

IEEE Xplore (Security & AI Journals)
security
Oct 6, 2025

Researchers created a method called UTE-SS (Unlearnable text examples generation via syntax-oriented shortcut) to protect text data from being used to train AI models without permission. The method adds small, hard-to-notice changes to text by altering its syntax (grammatical structure) so that language models learn misleading patterns instead of useful information, making the text data effectively useless for training.

IEEE Xplore (Security & AI Journals)
Oct 6, 2025

Hard sample mining (HSM, a technique for selecting the most difficult training examples to focus a model's learning) has emerged as a method to improve how efficiently deep neural networks (AI systems based on interconnected layers inspired by brain neurons) train and make them more robust to errors. This survey article reviews different HSM approaches and explains how they help address training inefficiency and data distribution biases (when training data doesn't represent real-world scenarios fairly) in deep learning.

IEEE Xplore (Security & AI Journals)
Oct 6, 2025

FedMPS is a federated learning (FL, a technique where multiple computers train an AI model together without sharing raw data) framework that addresses performance problems caused by data heterogeneity (differences in data across participants). Instead of exchanging full model parameters, FedMPS transmits only prototypes (representative feature patterns) and soft labels (probability-based output predictions), which reduces communication costs and improves how well models learn from each other.

IEEE Xplore (Security & AI Journals)
Oct 6, 2025

This paper presents a new system for 3-D multiobject tracking (MOT, a technique where AI follows multiple objects moving through 3-D space) used in autonomous vehicles to improve safety. The system uses a voxel masking encoder (a method that processes 3-D space divided into small cubes, focusing on important features while ignoring empty space) and deep hashing (a technique that converts objects into compact numerical codes for fast comparison) to better track distant objects, partially hidden objects, and similar-looking objects. The method was tested on the KITTI dataset (a standard collection of driving videos used to evaluate autonomous vehicle systems) and showed better tracking accuracy than existing methods.

IEEE Xplore (Security & AI Journals)