aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6498 items

CVE-2025-39847: In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_

mediumvulnerability
security
Sep 19, 2025
CVE-2025-39847

A memory leak (wasted memory that isn't freed) occurs in the Linux kernel's PPP (Point-to-Point Protocol, a networking method) compression code when memory allocation fails. The function pad_compress_skb() returns NULL without freeing the old network packet, and the calling code then loses track of that packet, preventing it from being properly cleaned up.

Fix: Align pad_compress_skb() semantics with realloc() (a memory function that only frees old data if new allocation succeeds). Only free the old skb (socket buffer, a data structure holding a network packet) if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.

NVD/CVE Database

CVE-2025-9906: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c

highvulnerability
security
Sep 19, 2025
CVE-2025-9906

A vulnerability in Keras (a machine learning library) allows attackers to run arbitrary code on a system by creating a malicious .keras model file that tricks the load_model function into disabling its safety protections, even when safe_mode is enabled. The attacker does this by embedding a command in the model's configuration file that turns off safe mode, then hiding executable code in a Lambda layer (a Keras feature that can contain custom Python code), allowing the malicious code to run when the model is loaded.

CVE-2025-9905: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c

highvulnerability
security
Sep 19, 2025
CVE-2025-9905

A vulnerability exists in Keras' Model.load_model method where specially crafted .h5 or .hdf5 model files (archive formats that store trained AI models) can execute arbitrary code on a system, even when safe_mode is enabled to prevent this. The attack works by embedding malicious pickled code (serialized Python code) in a Lambda layer, a Keras feature that allows custom Python functions, which bypasses the intended security protection.

CVE-2025-59417: Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site sc

mediumvulnerability
security
Sep 18, 2025
CVE-2025-59417

Lobe Chat, an open-source AI chat framework, has a cross-site scripting vulnerability (XSS, where attackers inject malicious code into web pages) in versions before 1.129.4. When the app renders certain chat messages containing SVG images, it uses a method called dangerouslySetInnerHTML that doesn't filter the content, allowing attackers who can inject code into chat messages (through malicious websites, compromised servers, or tool integrations) to potentially run commands on the user's computer.

CVE-2025-23336: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of

mediumvulnerability
security
Sep 17, 2025
CVE-2025-23336

CVE-2025-23336 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could cause a denial of service (making the system unavailable) by loading a misconfigured model. The vulnerability stems from improper input validation (the system not properly checking whether data is safe before using it).

CVE-2025-23329: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corru

highvulnerability
security
Sep 17, 2025
CVE-2025-23329

CVE-2025-23329 is a vulnerability in NVIDIA Triton Inference Server (a tool used to run AI models efficiently) on Windows and Linux where an attacker could damage data in memory by accessing a shared memory region used by the Python backend, potentially causing the service to crash. The vulnerability involves improper access control (failing to properly restrict who can access certain resources) and out-of-bounds writing (writing data to memory locations it shouldn't).

CVE-2025-23328: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bo

highvulnerability
security
Sep 17, 2025
CVE-2025-23328

CVE-2025-23328 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could send specially crafted input to cause an out-of-bounds write (writing data outside the intended memory location), potentially causing a denial of service (making the service unavailable). The vulnerability has a CVSS score of 4.0, indicating moderate severity.

CVE-2025-23316: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

criticalvulnerability
security
Sep 17, 2025
CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend that allows attackers to execute arbitrary code remotely by manipulating the model name parameter in model control APIs (functions that manage AI models). This vulnerability could lead to remote code execution (RCE, where an attacker runs commands on a system they don't own), denial of service (making the system unavailable), information disclosure (exposing sensitive data), and data tampering (modifying stored information).

CVE-2025-23268: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper inpu

highvulnerability
security
Sep 17, 2025
CVE-2025-23268

NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) where improper input validation (the failure to check if data is safe before using it) allows attackers to execute code on the system. The issue is classified as CWE-20, a common weakness type related to input validation problems.

CVE-2025-10155: An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0

highvulnerability
security
Sep 17, 2025
CVE-2025-10155

picklescan is a tool that checks if pickle files (a Python format for storing objects) are safe before loading them, but versions up to 0.0.30 have a vulnerability where attackers can bypass these safety checks by giving a malicious pickle file a PyTorch-related file extension. When the tool incorrectly marks this file as safe and it gets loaded, the attacker's malicious code can run on the system.

Offline Inverse Constrained Reinforcement Learning for Safe-Critical Decision Making in Healthcare

inforesearchPeer-Reviewed
research

CVE-2025-58177: n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scriptin

mediumvulnerability
security
Sep 15, 2025
CVE-2025-58177

n8n, an open source workflow automation platform, has a stored XSS vulnerability (cross-site scripting, where malicious code is saved and runs in users' browsers) in versions 1.24.0 through 1.106.x. An authorized user can inject harmful JavaScript into the initialMessages field of the LangChain Chat Trigger node, and if public access is enabled, this code runs in the browsers of anyone visiting the public chat link, potentially allowing attackers to steal cookies or sensitive data through phishing.

CVE-2022-50326: In the Linux kernel, the following vulnerability has been resolved: media: airspy: fix memory leak in airspy probe The

mediumvulnerability
security
Sep 15, 2025
CVE-2022-50326

CVE-2022-50326 is a memory leak (unused memory that is never freed) in the Linux kernel's airspy media driver. A previous update moved a variable called buf from the stack (temporary memory) to the heap (longer-term memory), but the code only freed this memory when errors occurred, not when the function succeeded, leaving memory wasted.

CVE-2025-6051: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

highvulnerability
security
Sep 14, 2025
CVE-2025-6051

A ReDoS vulnerability (regular expression denial of service, where specially crafted input causes a program's pattern-matching code to consume excessive CPU) was found in the Hugging Face Transformers library's number normalization feature. An attacker could send text with long digit sequences to crash or slow down text-to-speech and number processing tasks. The vulnerability affects versions up to 4.52.4.

CVE-2025-9556: Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5

criticalvulnerability
security
Sep 12, 2025
CVE-2025-9556

Langchaingo, a library for working with language models, uses jinja2 syntax (a templating language) to parse prompts, but the underlying gonja library it relies on supports file-reading commands like 'include' and 'extends'. This creates a server-side template injection vulnerability (SSTI, where an attacker tricks a server into executing unintended code by injecting malicious template syntax), allowing attackers to insert malicious statements into prompts to read sensitive files like /etc/passwd.

CVE-2025-58434: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, t

criticalvulnerability
security
Sep 12, 2025
CVE-2025-58434

Flowise, a tool for building custom AI workflows through a visual interface, has a critical security flaw in versions 3.0.5 and earlier where the password reset endpoint leaks sensitive information like reset tokens without requiring authentication. This allows attackers to take over any user account by generating a fake reset token and changing the user's password.

CVE-2025-6638: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

highvulnerability
security
Sep 12, 2025
CVE-2025-6638

A ReDoS vulnerability (regular expression denial of service, where specially crafted input causes a program to use excessive CPU by making regex matching extremely slow) was found in Hugging Face Transformers library version 4.52.4, specifically in the MarianTokenizer's `remove_language_code()` method. The bug is triggered by malformed language code patterns that force inefficient regex processing, potentially crashing or freezing the system.

CVE-2025-55319: Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network

highvulnerability
security
Sep 11, 2025
CVE-2025-55319

CVE-2025-55319 is a command injection vulnerability (a type of attack where an attacker inserts malicious commands into a program's input) in Agentic AI (an AI system that can perform tasks independently) and Visual Studio Code that allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper handling of special characters in commands, which lets attackers run arbitrary code on affected systems.

CVE-2025-59041: Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.ema

criticalvulnerability
security
Sep 10, 2025
CVE-2025-59041

Claude Code, an agentic coding tool (software that can write and execute code with some autonomy), had a vulnerability where a maliciously configured git user email could trigger arbitrary code execution (running unintended commands on a system) when the tool started up, before the user approved workspace access. This affected all versions before 1.0.105.

CVE-2025-58764: Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to

criticalvulnerability
security
Sep 10, 2025
CVE-2025-58764

Claude Code is a tool that helps AI write and run code, but versions before 1.0.105 had a bug in how it parsed commands that let attackers bypass the safety prompt (the confirmation step that checks if code is safe to run). An attacker would need to sneak malicious content into the conversation with Claude Code to exploit this.

Previous247 / 325Next
NVD/CVE Database
NVD/CVE Database

Fix: Update to Lobe Chat version 1.129.4 or later, where this vulnerability is fixed.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
safety
Sep 17, 2025

This research addresses how to make reinforcement learning (RL, where AI systems learn to make decisions by trial and error) safer for healthcare by proposing a method called Constraint Transformer that learns safety rules from historical medical records instead of requiring real-time interaction. The system uses a causal attention mechanism (a technique that identifies which past events matter most) and a generative world model (a simulation tool) to identify unsafe treatment decisions and improve patient outcomes while reducing harmful behaviors.

IEEE Xplore (Security & AI Journals)

Fix: Update to version 1.107.0 or later. As a workaround, the affected chatTrigger node can be disabled.

NVD/CVE Database

Fix: Fix this by freeing buf in the success path since this variable does not have any references in other code. The patch is available at: https://git.kernel.org/stable/c/23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 and https://git.kernel.org/stable/c/f4285dd02b6b2ca3435b65fb62c053dd9408fd71

NVD/CVE Database

Fix: Fixed in version 4.53.0 of the Hugging Face Transformers library.

NVD/CVE Database
NVD/CVE Database

Fix: Upgrade to version 3.0.6 or later, which includes commit 9e178d68873eb876073846433a596590d3d9c863 that secures password reset endpoints. The source also recommends: (1) never return reset tokens or account details in API responses; (2) send tokens only through the user's registered email; (3) make the forgot-password endpoint respond with a generic success message to prevent attackers from discovering which accounts exist; (4) require strong validation of reset tokens, including making them single-use, giving them a short expiration time, and tying them to the request origin; and (5) apply these same fixes to both cloud and self-hosted deployments.

NVD/CVE Database

Fix: Update to version 4.53.0, where the vulnerability has been fixed. A patch is available at https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be.

NVD/CVE Database
NVD/CVE Database

Fix: Update Claude Code to version 1.0.105 or the latest version. Users with automatic updates enabled will have received this fix automatically; those updating manually should upgrade to version 1.0.105 or newer.

NVD/CVE Database

Fix: Update to version 1.0.105 or the latest version. Users with auto-update enabled have already received this fix automatically.

NVD/CVE Database