All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A memory leak (wasted memory that isn't freed) occurs in the Linux kernel's PPP (Point-to-Point Protocol, a networking method) compression code when memory allocation fails. The function pad_compress_skb() returns NULL without freeing the old network packet, and the calling code then loses track of that packet, preventing it from being properly cleaned up.
Fix: Align pad_compress_skb() semantics with realloc() (a memory function that only frees old data if new allocation succeeds). Only free the old skb (socket buffer, a data structure holding a network packet) if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.
NVD/CVE DatabaseA vulnerability in Keras (a machine learning library) allows attackers to run arbitrary code on a system by creating a malicious .keras model file that tricks the load_model function into disabling its safety protections, even when safe_mode is enabled. The attacker does this by embedding a command in the model's configuration file that turns off safe mode, then hiding executable code in a Lambda layer (a Keras feature that can contain custom Python code), allowing the malicious code to run when the model is loaded.
A vulnerability exists in Keras' Model.load_model method where specially crafted .h5 or .hdf5 model files (archive formats that store trained AI models) can execute arbitrary code on a system, even when safe_mode is enabled to prevent this. The attack works by embedding malicious pickled code (serialized Python code) in a Lambda layer, a Keras feature that allows custom Python functions, which bypasses the intended security protection.
Lobe Chat, an open-source AI chat framework, has a cross-site scripting vulnerability (XSS, where attackers inject malicious code into web pages) in versions before 1.129.4. When the app renders certain chat messages containing SVG images, it uses a method called dangerouslySetInnerHTML that doesn't filter the content, allowing attackers who can inject code into chat messages (through malicious websites, compromised servers, or tool integrations) to potentially run commands on the user's computer.
CVE-2025-23336 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could cause a denial of service (making the system unavailable) by loading a misconfigured model. The vulnerability stems from improper input validation (the system not properly checking whether data is safe before using it).
CVE-2025-23329 is a vulnerability in NVIDIA Triton Inference Server (a tool used to run AI models efficiently) on Windows and Linux where an attacker could damage data in memory by accessing a shared memory region used by the Python backend, potentially causing the service to crash. The vulnerability involves improper access control (failing to properly restrict who can access certain resources) and out-of-bounds writing (writing data to memory locations it shouldn't).
CVE-2025-23328 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could send specially crafted input to cause an out-of-bounds write (writing data outside the intended memory location), potentially causing a denial of service (making the service unavailable). The vulnerability has a CVSS score of 4.0, indicating moderate severity.
NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend that allows attackers to execute arbitrary code remotely by manipulating the model name parameter in model control APIs (functions that manage AI models). This vulnerability could lead to remote code execution (RCE, where an attacker runs commands on a system they don't own), denial of service (making the system unavailable), information disclosure (exposing sensitive data), and data tampering (modifying stored information).
NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) where improper input validation (the failure to check if data is safe before using it) allows attackers to execute code on the system. The issue is classified as CWE-20, a common weakness type related to input validation problems.
picklescan is a tool that checks if pickle files (a Python format for storing objects) are safe before loading them, but versions up to 0.0.30 have a vulnerability where attackers can bypass these safety checks by giving a malicious pickle file a PyTorch-related file extension. When the tool incorrectly marks this file as safe and it gets loaded, the attacker's malicious code can run on the system.
n8n, an open source workflow automation platform, has a stored XSS vulnerability (cross-site scripting, where malicious code is saved and runs in users' browsers) in versions 1.24.0 through 1.106.x. An authorized user can inject harmful JavaScript into the initialMessages field of the LangChain Chat Trigger node, and if public access is enabled, this code runs in the browsers of anyone visiting the public chat link, potentially allowing attackers to steal cookies or sensitive data through phishing.
CVE-2022-50326 is a memory leak (unused memory that is never freed) in the Linux kernel's airspy media driver. A previous update moved a variable called buf from the stack (temporary memory) to the heap (longer-term memory), but the code only freed this memory when errors occurred, not when the function succeeded, leaving memory wasted.
A ReDoS vulnerability (regular expression denial of service, where specially crafted input causes a program's pattern-matching code to consume excessive CPU) was found in the Hugging Face Transformers library's number normalization feature. An attacker could send text with long digit sequences to crash or slow down text-to-speech and number processing tasks. The vulnerability affects versions up to 4.52.4.
Langchaingo, a library for working with language models, uses jinja2 syntax (a templating language) to parse prompts, but the underlying gonja library it relies on supports file-reading commands like 'include' and 'extends'. This creates a server-side template injection vulnerability (SSTI, where an attacker tricks a server into executing unintended code by injecting malicious template syntax), allowing attackers to insert malicious statements into prompts to read sensitive files like /etc/passwd.
Flowise, a tool for building custom AI workflows through a visual interface, has a critical security flaw in versions 3.0.5 and earlier where the password reset endpoint leaks sensitive information like reset tokens without requiring authentication. This allows attackers to take over any user account by generating a fake reset token and changing the user's password.
A ReDoS vulnerability (regular expression denial of service, where specially crafted input causes a program to use excessive CPU by making regex matching extremely slow) was found in Hugging Face Transformers library version 4.52.4, specifically in the MarianTokenizer's `remove_language_code()` method. The bug is triggered by malformed language code patterns that force inefficient regex processing, potentially crashing or freezing the system.
CVE-2025-55319 is a command injection vulnerability (a type of attack where an attacker inserts malicious commands into a program's input) in Agentic AI (an AI system that can perform tasks independently) and Visual Studio Code that allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper handling of special characters in commands, which lets attackers run arbitrary code on affected systems.
Claude Code, an agentic coding tool (software that can write and execute code with some autonomy), had a vulnerability where a maliciously configured git user email could trigger arbitrary code execution (running unintended commands on a system) when the tool started up, before the user approved workspace access. This affected all versions before 1.0.105.
Claude Code is a tool that helps AI write and run code, but versions before 1.0.105 had a bug in how it parsed commands that let attackers bypass the safety prompt (the confirmation step that checks if code is safe to run). An attacker would need to sneak malicious content into the conversation with Claude Code to exploit this.
Fix: Update to Lobe Chat version 1.129.4 or later, where this vulnerability is fixed.
NVD/CVE DatabaseThis research addresses how to make reinforcement learning (RL, where AI systems learn to make decisions by trial and error) safer for healthcare by proposing a method called Constraint Transformer that learns safety rules from historical medical records instead of requiring real-time interaction. The system uses a causal attention mechanism (a technique that identifies which past events matter most) and a generative world model (a simulation tool) to identify unsafe treatment decisions and improve patient outcomes while reducing harmful behaviors.
Fix: Update to version 1.107.0 or later. As a workaround, the affected chatTrigger node can be disabled.
NVD/CVE DatabaseFix: Fix this by freeing buf in the success path since this variable does not have any references in other code. The patch is available at: https://git.kernel.org/stable/c/23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 and https://git.kernel.org/stable/c/f4285dd02b6b2ca3435b65fb62c053dd9408fd71
NVD/CVE DatabaseFix: Fixed in version 4.53.0 of the Hugging Face Transformers library.
NVD/CVE DatabaseFix: Upgrade to version 3.0.6 or later, which includes commit 9e178d68873eb876073846433a596590d3d9c863 that secures password reset endpoints. The source also recommends: (1) never return reset tokens or account details in API responses; (2) send tokens only through the user's registered email; (3) make the forgot-password endpoint respond with a generic success message to prevent attackers from discovering which accounts exist; (4) require strong validation of reset tokens, including making them single-use, giving them a short expiration time, and tying them to the request origin; and (5) apply these same fixes to both cloud and self-hosted deployments.
NVD/CVE DatabaseFix: Update to version 4.53.0, where the vulnerability has been fixed. A patch is available at https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be.
NVD/CVE DatabaseFix: Update Claude Code to version 1.0.105 or the latest version. Users with automatic updates enabled will have received this fix automatically; those updating manually should upgrade to version 1.0.105 or newer.
NVD/CVE DatabaseFix: Update to version 1.0.105 or the latest version. Users with auto-update enabled have already received this fix automatically.
NVD/CVE Database