aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6522 items

CVE-2025-4287: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the functi

lowvulnerability
security
May 5, 2025
CVE-2025-4287

A vulnerability (CVE-2025-4287) was found in PyTorch 2.6.0+cu124 in a function that handles GPU communication, which can be exploited to cause a denial of service (making a system or service stop working) by someone with local access to the computer. The vulnerability has been publicly disclosed and rated as medium severity.

Fix: Apply the patch identified as commit 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5, which is recommended to fix this issue.

NVD/CVE Database

CVE-2025-43852: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43852

Retrieval-based-Voice-Conversion-WebUI (a framework for changing voices using AI) in version 2.2.231006 and earlier has a critical vulnerability where user input is passed unsafely to a function that loads model files using torch.load (a Python tool that can execute code from files). An attacker could exploit this by providing a malicious model file path, leading to RCE (remote code execution, where an attacker can run commands on the system).

CVE-2025-43851: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43851

Retrieval-based-Voice-Conversion-WebUI, a voice changing framework, has a vulnerability in versions 2.2.231006 and earlier where user input (like a file path) is passed directly to torch.load (a function that reads model files). This unsafe deserialization (loading untrusted data that could contain malicious code) allows attackers to execute arbitrary commands on the system running the software.

CVE-2025-43850: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43850

Retrieval-based-Voice-Conversion-WebUI is a voice changing tool that has a security flaw in versions 2.2.231006 and earlier. The vulnerability allows unsafe deserialization (loading untrusted data that could contain malicious code) when the program takes user input for a model file path and loads it using torch.load, which could let attackers run arbitrary code on the system.

CVE-2025-43849: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43849

Retrieval-based-Voice-Conversion-WebUI, a voice changing tool, has a vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data in a way that can execute malicious code) allows attackers to run code remotely. The problem occurs because the software takes user input for model file paths and loads them using torch.load without proper safety checks, enabling RCE (remote code execution, where attackers can run commands on the affected system).

CVE-2025-43848: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43848

Retrieval-based-Voice-Conversion-WebUI, a voice-changing tool, has a vulnerability in versions 2.2.231006 and earlier where user input for model file paths is passed unsafely to torch.load (a function that loads saved AI models). This unsafe deserialization (loading data from untrusted sources without checking it first) can allow attackers to run arbitrary code on the system.

CVE-2025-43847: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43847

Retrieval-based-Voice-Conversion-WebUI, a voice-changing framework, has a critical vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data from untrusted sources without checking it first) can occur. An attacker can exploit this by providing a malicious file path that gets loaded using torch.load, which can lead to RCE (remote code execution, where an attacker runs commands on a system they don't own).

CVE-2025-43846: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vu

criticalvulnerability
security
May 5, 2025
CVE-2025-43846

Retrieval-based-Voice-Conversion-WebUI, a voice changing tool based on VITS (a voice synthesis model), has a vulnerability in versions 2.2.231006 and earlier where user-supplied file paths are loaded directly using torch.load (a function that can execute code when loading files), allowing attackers to run arbitrary code on the system. This happens because the ckpt_path1 variable accepts untrusted input and passes it unsafely to a model-loading function.

How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features

mediumnews
securityprivacy

CVE-2023-53123: In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with

highvulnerability
security
May 2, 2025
CVE-2023-53123

A vulnerability in the Linux kernel on s390 systems caused a use-after-free bug (accessing memory after it has been freed) in PCI resources when individual functions on multi-function devices were hot-unplugged and then re-added. The bug occurred because the system kept stale references to freed memory resources, which could be incorrectly claimed when the device reappeared.

MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

infonews
securityresearch

CVE-2023-53043: In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as c

mediumvulnerability
security
May 2, 2025
CVE-2023-53043

CVE-2023-53043 is a bug in the Linux kernel where a PCIe controller (a hardware component that manages data transfer between a computer and devices connected via PCIe, a high-speed connection standard) was not marked as cache coherent (meaning the system wasn't told that data in the fast-access memory matches data in main memory). This could cause data corruption when the kernel tried to manage memory operations. The fix marks the PCIe node with the dma-coherent flag to tell the system that PCIe devices maintain cache coherency.

AI Regulatory Sandbox Approaches: EU Member State Overview

inforegulatory
policy
May 2, 2025

AI regulatory sandboxes are controlled testing environments where companies can develop and test AI systems with guidance from regulators before releasing them to the public, as required by the EU AI Act (EU's new rules for artificial intelligence). These sandboxes help companies understand what regulations they must follow, protect them from fines if they follow official guidance, and make it easier for small startups to enter the market. Each EU Member State must create at least one sandbox by August 2, 2026, though different countries are taking different approaches to organizing them.

CVE-2025-46567: LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in t

mediumvulnerability
security
May 1, 2025
CVE-2025-46567

CVE-2025-46567 is a critical vulnerability in LLaMA-Factory (a tool for fine-tuning large language models) that exists before version 1.0.0. The vulnerability is in the `llamafy_baichuan2.py` script, which unsafely loads user-supplied files using `torch.load()` (a function that deserializes, or reconstructs, Python objects from saved data), allowing attackers to execute arbitrary commands by crafting a malicious file.

CVE-2025-23163: In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the

mediumvulnerability
security
May 1, 2025
CVE-2025-23163

A deadlock (a situation where the system gets stuck because two parts of code are waiting for each other) was discovered in the Linux kernel's VLAN (virtual LAN, a way to create multiple logical networks on one physical device) handling code. The problem occurred when virtual network devices tried to acquire the same lock twice during network interface initialization, causing the system to hang. The fix changes when certain network flags are propagated, moving them from the device open process to the flag change process instead.

CVE-2025-46560: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and p

mediumvulnerability
security
Apr 30, 2025
CVE-2025-46560

vLLM (a system for running large language models efficiently) versions 0.8.0 through 0.8.4 have a critical performance bug in how it processes multimodal input (text, images, audio). The bug uses an inefficient algorithm (quadratic time complexity, meaning it slows down exponentially as input size grows) when replacing placeholder tokens (special markers like <|audio_|> that get expanded into repeated tokens), which allows attackers to crash or freeze the system by sending specially crafted malicious inputs.

CVE-2025-32444: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and p

criticalvulnerability
security
Apr 30, 2025
CVE-2025-32444

vLLM (a system for running AI models efficiently) versions 0.6.5 through 0.8.4 have a critical vulnerability when using mooncake integration. Attackers can execute arbitrary code remotely because the system uses pickle (an unsafe method for converting data into a format that can be transmitted) over unencrypted ZeroMQ sockets (communication channels) that listen to all network connections, making them easily accessible from the internet.

CVE-2025-30202: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and p

highvulnerability
security
Apr 30, 2025
CVE-2025-30202

vLLM versions 0.5.2 through 0.8.4 have a security vulnerability in multi-node deployments where a ZeroMQ socket (a tool for sending messages between different computers) is left open to all network interfaces. An attacker with network access can connect to this socket to see internal vLLM data or deliberately slow down the system by connecting repeatedly without reading the data, causing a denial of service (making the system unavailable or very slow).

CVE-2025-1194: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, spe

mediumvulnerability
security
Apr 29, 2025
CVE-2025-1194

A ReDoS vulnerability (regular expression denial of service, where specially crafted text causes a regex to consume excessive CPU by repeatedly backtracking) was found in the huggingface/transformers library version 4.48.1, specifically in the GPT-NeoX-Japanese model's tokenizer. An attacker could exploit this by sending malicious input that causes the application to hang or crash due to high CPU usage.

AI Safety Newsletter #53: An Open Letter Attempts to Block OpenAI Restructuring

inforegulatory
policy
Apr 29, 2025

Former OpenAI employees and experts published an open letter asking California and Delaware officials to block OpenAI's restructuring from a nonprofit organization into a for-profit company (a Public Benefit Corporation, which balances profit with public benefit). The letter argues that the restructuring would eliminate governance safeguards designed to prevent profit motives from influencing decisions about AGI (artificial general intelligence, highly autonomous systems that outperform humans at most economically valuable work), and would shift control away from a nonprofit board accountable to the public toward a board partly accountable to shareholders.

Previous260 / 327Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
May 5, 2025

ChatGPT has two memory features: saved memories (which users can manage) and chat history (a newer feature that builds a profile over time without user visibility or control). The chat history feature doesn't search past conversations but maintains recent chat history and learns user preferences, though the implementation details are not publicly documented, and users cannot inspect or modify what the system learns about them unless they use prompt hacking (manipulating the AI's instructions to reveal hidden information).

Embrace The Red

Fix: The fix introduces a new function called pci_bus_remove_resource() to remove individual resources from the PCI bus's resource list when a PCI function is hot-unplugged, while leaving other functions' resources untouched. Additionally, the MMIO resources (memory-mapped I/O addresses that allow software to communicate with hardware) are no longer added to the struct zpci_bus's resource list, and instead the zpci_bar_struct's resource pointer is used directly.

NVD/CVE Database
May 2, 2025

The Model Context Protocol (MCP) is a system that lets AI applications discover and use external tools from servers at runtime (while the program is running). However, MCP has a security weakness: because servers can send instructions through the tool descriptions, they can perform prompt injection (tricking an AI by hiding instructions in its input) to control the AI client, making servers more powerful than they should be.

Embrace The Red

Fix: Mark the PCIe node as dma-coherent in the device tree configuration. Patches are available at: https://git.kernel.org/stable/c/267b899375bf38944d915c9654d6eb434edad0ce, https://git.kernel.org/stable/c/8a63441e83724fee1ef3fd37b237d40d90780766, and https://git.kernel.org/stable/c/e43bba938e2c9104bb4f8bc417ac4d7bb29755e1

NVD/CVE Database
EU AI Act Updates

Fix: This issue has been patched in version 1.0.0. Users should upgrade to version 1.0.0 or later. A patch is available at: https://github.com/hiyouga/LLaMA-Factory/commit/2989d39239d2f46e584c1e1180ba46b9768afb2a

NVD/CVE Database

Fix: Propagate allmulti (receiving all multicast traffic) and promisc (promiscuous mode, receiving all traffic) flags on flags change, not on the open operation. This prevents the recursive locking issue by avoiding the need to re-acquire the same lock during device initialization.

NVD/CVE Database

Fix: This issue has been patched in version 0.8.5.

NVD/CVE Database

Fix: Update to vLLM version 0.8.5 or later, which has patched this vulnerability.

NVD/CVE Database

Fix: This issue has been patched in version 0.8.5. Update vLLM to version 0.8.5 or later.

NVD/CVE Database
NVD/CVE Database
CAIS AI Safety Newsletter