aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6493 items

CVE-2023-53585: In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The

mediumvulnerability
security
Oct 4, 2025
CVE-2023-53585

A vulnerability in the Linux kernel's bpf_sk_assign function (a BPF helper that assigns sockets to network packets) could cause a memory leak when unhashed UDP sockets (sockets not yet bound to a port) are used. The problem occurs because the function assumes a socket flag called SOCK_RCU_FREE stays constant, but this flag gets set when an unhashed socket is later bound to a port, breaking the function's memory management logic.

Fix: Fix the problem by rejecting unhashed sockets in bpf_sk_assign(). This matches the behaviour of __inet_lookup_skb which is ultimately the goal of bpf_sk_assign().

NVD/CVE Database

CVE-2025-61685: Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vuln

mediumvulnerability
security
Oct 3, 2025
CVE-2025-61685

Mastra (a TypeScript framework for building AI agents and assistants) versions 0.13.8 through 0.13.20-alpha.0 have a directory traversal vulnerability, which means an attacker can bypass security checks to list files and folders in any directory on a user's computer, potentially exposing sensitive information. The flaw exists because while the code tries to prevent path traversal (unauthorized access to files through manipulated file paths) for reading files, a separate part of the code that suggests directories can be exploited to work around this protection.

CVE-2025-59944: Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the wa

highvulnerability
security
Oct 3, 2025
CVE-2025-59944

Cursor is a code editor designed for programming with AI help. Versions 1.6.23 and below have a security flaw where they use case-sensitive checks (checking uppercase and lowercase letters as different) to protect sensitive files, which allows attackers to use prompt injection (tricking the AI with hidden instructions) to modify these files and gain remote code execution (the ability to run commands on the victim's computer) on case-insensitive filesystems (systems that treat uppercase and lowercase letters the same).

CVE-2025-59829: Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission de

mediumvulnerability
security
Oct 3, 2025
CVE-2025-59829

Claude Code versions before 1.0.120 had a security flaw where it could bypass file access restrictions by following symlinks (shortcuts that point to other files). Even if a user blocked Claude Code from accessing a file, the tool could still read it if there was a symlink pointing to that blocked file.

CVE-2025-61593: Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI

highvulnerability
security
Oct 3, 2025
CVE-2025-61593

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.7 and below where attackers can use prompt injection (tricking the AI by hiding instructions in its input) to modify sensitive configuration files and achieve remote code execution (RCE, where an attacker can run commands on a system they don't own). This vulnerability is especially dangerous on case-insensitive filesystems (systems that treat uppercase and lowercase letters as the same).

CVE-2025-61592: Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific

highvulnerability
security
Oct 3, 2025
CVE-2025-61592

Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions 1.7 and below where it automatically loads configuration files from project directories, which can be exploited by attackers. If a user runs Cursor's command-line tool (CLI) in a malicious repository, an attacker could use prompt injection (tricking the AI by hiding instructions in its input) combined with permissive settings to achieve remote code execution (the ability to run commands on the user's system without permission).

v0.14.4

lownews
security
Oct 3, 2025

LlamaIndex released version 0.14.4 on September 24, 2025, with updates across multiple packages that integrate with different AI services and databases. Most updates fixed dependency issues with OpenAI libraries, while others added new features like support for Claude Sonnet 4.5 and structured outputs, and fixed bugs in areas like authorization headers and data fetching.

CVE-2025-61591: Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication wit

highvulnerability
security
Oct 3, 2025
CVE-2025-61591

Cursor is a code editor that lets programmers work with AI assistance. In versions 1.7 and below, when using MCP (a system for connecting external tools to AI) with OAuth authentication (a login method), an attacker can trick Cursor into running malicious commands by pretending to be a trusted service, potentially giving them full control of the user's computer.

CVE-2025-61590: Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (R

highvulnerability
security
Oct 3, 2025
CVE-2025-61590

Cursor, a code editor designed for AI-assisted programming, has a critical vulnerability in versions 1.6 and below that allows remote code execution (RCE, where an attacker runs commands on your computer without permission). An attacker who gains control of the AI chat context (such as through a compromised MCP server, a tool that extends the AI's capabilities) can use prompt injection (tricking the AI by hiding malicious instructions in its input) to make Cursor modify workspace configuration files, bypassing an existing security protection and ultimately executing arbitrary code.

Novel Ultra-Lightweight Leakage-Resilient Blockchain-Assisted Key Exchange Protocol for Resource-Constrained Smart Meters in Smart Grid

inforesearchPeer-Reviewed
research

Toward Personalized Location Privacy Trading for Mobile Crowd Sensing

inforesearchPeer-Reviewed
security

FedNK-RF: Federated Kernel Learning With Heterogeneous Data and Optimal Rates

inforesearchPeer-Reviewed
research

CVE-2025-61589: Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows

mediumvulnerability
security
Oct 3, 2025
CVE-2025-61589

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.6 and below where Mermaid (a tool for rendering diagrams) can embed images that get displayed in the chat box. An attacker can exploit this through prompt injection (tricking the AI by hiding instructions in its input) to send sensitive information to an attacker-controlled server, or a malicious AI model might trigger this automatically.

CVE-2025-59536: Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the sta

highvulnerability
security
Oct 3, 2025
CVE-2025-59536

Claude Code (an AI tool that writes and runs code automatically) had a security flaw in versions before 1.0.111 where it could execute code from a project before the user confirmed they trusted the project. An attacker could exploit this by tricking a user into opening a malicious project directory.

Data Aggregation Mechanisms With Dynamic Integrity Trustworthiness Evaluation Framework for Datacenters

inforesearchPeer-Reviewed
research

Privacy-Preserving Federated Learning Scheme With Mitigating Model Poisoning Attacks: Vulnerabilities and Countermeasures

inforesearchPeer-Reviewed
security

Toward a Secure Framework for Regulating Artificial Intelligence Systems

inforesearchPeer-Reviewed
policy

Fish and Chips: On the Root Causes of Co-Located Website-Fingerprinting Attacks

inforesearchPeer-Reviewed
security

An Algorithm for Persistent Homology Computation Using Homomorphic Encryption

inforesearchPeer-Reviewed
research

Securing IoT: Unveiling Attacks With Multiview-Multitask Learning

inforesearchPeer-Reviewed
research
Previous243 / 325Next

Fix: This issue is fixed in version 0.13.20.

NVD/CVE Database

Fix: This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.

NVD/CVE Database

Fix: Update Claude Code to version 1.0.120 or later. Users with automatic updates enabled will have received this fix automatically; users updating manually should upgrade to the latest version.

NVD/CVE Database

Fix: This issue is fixed in commit 25b418f, but has yet to be released as of October 3, 2025.

NVD/CVE Database

Fix: The fix is available as patch 2025.09.17-25b418f. As of October 3, 2025, this patch has not yet been included in an official release version.

NVD/CVE Database

Fix: Update to version 0.14.4 and the corresponding versioned packages listed in the release notes (e.g., llama-index-llms-openai 0.6.1, llama-index-embeddings-text-embeddings-inference 0.4.2, llama-index-llms-ollama 0.7.4, and others) to receive the dependency fixes and bug fixes described.

LlamaIndex Security Releases

Fix: A patch is available at version 2025.09.17-25b418f. Users should update to this patched version to fix the vulnerability.

NVD/CVE Database

Fix: Update to version 1.7, which fixes this issue.

NVD/CVE Database
Oct 3, 2025

This research paper identifies security weaknesses in a previous key exchange protocol (a method for two systems to securely agree on a shared secret) used in smart grids, specifically showing it is vulnerable to offline password-guessing and key compromise impersonation attacks (where an attacker tricks one party into thinking they are the other party). The authors propose a new, lightweight protocol that fixes these issues by using the Solana blockchain to manage keys and requiring smart meters to perform only simple operations like hashing (converting data into fixed-size codes) and encryption.

Fix: The paper proposes a decentralized ultra-lightweight AKE (authenticated key exchange) protocol that leverages the public Solana blockchain to enhance transparency and enable simple key revocation, with the SMD (smart metering device) performing only hashing, symmetric encryption/decryption, and physical unclonable function operations. However, this is a research proposal rather than a patch or update to existing software, so no software mitigation version or download link is provided.

IEEE Xplore (Security & AI Journals)
Oct 3, 2025

This research proposes Leaper, a framework that helps mobile workers in crowdsourcing tasks (where many people contribute data from their phones) protect their location privacy while still completing work. The system uses differential privacy (a mathematical technique that adds noise to data to prevent identifying individuals) and k-anonymity (mixing a person's data with others so they can't be singled out) to obfuscate, or hide, each worker's actual location, and then compensates workers fairly based on the privacy risk they accept.

IEEE Xplore (Security & AI Journals)
Oct 3, 2025

This research paper proposes FedNK-RF, an algorithm for federated learning (a decentralized approach where multiple parties train AI models together while keeping their data private) that handles heterogeneous data (data that differs significantly across different sources). The algorithm uses random features and Nyström approximation (a mathematical technique that reduces computational errors) to improve accuracy while maintaining privacy protection, and the authors prove it achieves optimal performance rates.

IEEE Xplore (Security & AI Journals)

Fix: This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.

NVD/CVE Database

Fix: Update Claude Code to version 1.0.111 or later. Users with auto-update enabled will have received this fix automatically; users performing manual updates should update to the latest version.

NVD/CVE Database
Oct 2, 2025

This research proposes a data aggregation framework (a system for combining data from multiple sources) that evaluates how trustworthy different data sources are using dynamic Bayesian networks (a model that updates trust scores based on changing network behavior over time). The framework combines trust measurement with the minimum spanning tree protocol (an algorithm for efficient data routing) to improve how data centers process large amounts of information, achieving significant reductions in computational, communication, and storage costs.

IEEE Xplore (Security & AI Journals)
research
Oct 2, 2025

Federated learning schemes (systems where multiple parties train AI models together while keeping data private) that use two servers for privacy protection were found to leak user data when facing model poisoning attacks (where malicious users deliberately corrupt the learning process). The researchers propose an enhanced framework called PBFL that uses Byzantine-robust aggregation (a method to safely combine data from untrusted sources), normalization checks, similarity measurements, and trapdoor fully homomorphic encryption (a technique for doing calculations on encrypted data without decrypting it) to protect privacy while defending against poisoning attacks.

Fix: The authors propose an enhanced privacy-preserving and Byzantine-robust federated learning (PBFL) framework that addresses the vulnerability. Key components include: a novel Byzantine-tolerant aggregation strategy with normalization judgment, cosine similarity computation, and adaptive user weighting; a dual-scoring trust mechanism and outlier suppression for detecting stealthy attacks; and two privacy-preserving subroutines (secure normalization judgment and secure cosine similarity measurement) that operate over encrypted gradients using a trapdoor fully homomorphic encryption scheme. According to theoretical analyses and experiments, this scheme guarantees security, convergence, and efficiency even with malicious users and one malicious server.

IEEE Xplore (Security & AI Journals)
research
Oct 1, 2025

This paper addresses the lack of technical tools for regulating high-risk AI systems by proposing SFAIR (Secure Framework for AI Regulation), a system that automatically tests whether an AI meets regulatory standards. The framework uses a temporal self-replacement test (similar to certification exams for human operators) to measure an AI's operational qualification score, and protects itself using encryption, randomization, and real-time monitoring to prevent tampering.

Fix: The paper proposes SFAIR as a comprehensive framework for securing AI regulation. Key technical safeguards mentioned include: randomization, masking, encryption-based schemes, and real-time monitoring to secure SFAIR operations. Additionally, the framework leverages AMD's Secure Encrypted Virtualization-Encrypted State (SEV-ES, a processor-level security technology that encrypts AI system memory) for enhanced security. The source code of SFAIR is made publicly available.

IEEE Xplore (Security & AI Journals)
Oct 1, 2025

This research identifies how microarchitectural website-fingerprinting attacks (timing-based methods where attackers on the same computer can learn what websites a victim visits) actually work by pinpointing four main sources of information leakage: core contention (competition for processor cores), interrupts (signals that pause processing), frequency scaling (changing processor speed), and cache eviction (removing data from fast memory). The researchers developed a framework to measure how much each leakage source contributes to these attacks and demonstrated that controlling these sources can prevent the attacks entirely.

Fix: The source demonstrates that leakage can be 'completely mitigated by controlling these sources' (core contention, interrupts, frequency scaling, and cache eviction), but does not specify the concrete technical steps, configuration changes, or software updates needed to implement such controls in practice.

IEEE Xplore (Security & AI Journals)
Oct 1, 2025

This research presents a new method for performing topological data analysis (TDA, a technique that finds shape-based patterns in complex data) on encrypted information using homomorphic encryption (HE, a type of encryption that lets computers process data without decrypting it first). The authors adapted a fundamental TDA algorithm called boundary matrix reduction to work with encrypted data, proved it works correctly mathematically, and tested it using the OpenFHE framework to show it functions properly on real encrypted data.

IEEE Xplore (Security & AI Journals)
Oct 1, 2025

This paper presents M²VT, a new AI defense system that uses multiview-multitask learning (processing multiple sets of features at once to perform several related tasks) to detect and classify cyberattacks on IoT devices (connected smart devices and systems). The system achieves over 96% accuracy by using autoencoders (neural networks that compress and extract important patterns from data) and LSTM networks (a type of AI that understands sequences over time) to simultaneously detect attacks, categorize them, and classify their types.

IEEE Xplore (Security & AI Journals)