aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6522 items

CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and

criticalvulnerability
security
Apr 7, 2025
CVE-2025-3248EPSS: 92.1%🔥 Actively Exploited

Langflow versions before 1.3.0 have a code injection vulnerability (a flaw where attackers can insert and run malicious code) in the /api/v1/validate/code endpoint that allows unauthenticated attackers (those without login credentials) to execute arbitrary code by sending specially crafted HTTP requests (formatted messages to the server). This vulnerability is actively being exploited in the wild.

Fix: Update Langflow to version 1.3.0 or later, as referenced in the official release notes at https://github.com/langflow-ai/langflow/releases/tag/1.3.0. If mitigations are unavailable, discontinue use of the product.

NVD/CVE Database

GitHub Copilot Custom Instructions and Risks

mediumnews
securitysafety

CVE-2025-27520: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code

criticalvulnerability
security
Apr 4, 2025
CVE-2025-27520EPSS: 81.0%

BentoML v1.4.2 contains a Remote Code Execution (RCE) vulnerability caused by insecure deserialization (unsafe handling of data conversion from storage format back into code objects), which allows unauthenticated users to execute arbitrary code on the server through an unsafe code segment in serde.py. This is a critical security flaw in a Python library used for building AI model serving systems.

CVE-2025-3136: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function t

lowvulnerability
security
Apr 3, 2025
CVE-2025-3136

CVE-2025-3136 is a memory corruption vulnerability found in PyTorch 2.6.0, specifically in a function that manages GPU memory allocation. The vulnerability requires local access to exploit and has been publicly disclosed, though it is rated as medium severity with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.8.

CVE-2025-3121: A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module

lowvulnerability
security
Apr 2, 2025
CVE-2025-3121

CVE-2025-3121 is a memory corruption vulnerability (where a program accidentally writes data to wrong memory locations) found in PyTorch 2.6.0, specifically in the torch.jit.jit_module_from_flatbuffer function. An attacker with local access (meaning they can run code on the same computer) could exploit this vulnerability, and the exploit details have been publicly disclosed.

CVE-2025-31564: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Too

highvulnerability
security
Apr 1, 2025
CVE-2025-31564

CVE-2025-31564 is a SQL injection vulnerability (a type of attack where an attacker inserts malicious database commands into user input) found in the Ai Auto Tool Content Writing Assistant WordPress plugin, versions up to 2.1.7. The vulnerability allows blind SQL injection (SQL attacks where the attacker cannot see direct results but can infer information through application behavior), potentially letting attackers access or manipulate the database.

CVE-2025-31843: Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Con

mediumvulnerability
security
Apr 1, 2025
CVE-2025-31843

CVE-2025-31843 is a missing authorization vulnerability (a security flaw where the software fails to properly check if a user has permission to perform an action) in the Wilson OpenAI Tools plugin for WordPress and WooCommerce that affects versions up to 2.1.5. The vulnerability allows attackers to exploit incorrectly configured access controls, meaning they can perform actions they shouldn't be allowed to do.

CVE-2025-3001: A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_ce

mediumvulnerability
security
Mar 31, 2025
CVE-2025-3001

PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-3001) in the torch.lstm_cell function that causes memory corruption (damage to data stored in a computer's memory) through local manipulation. The vulnerability requires local access to exploit and has been publicly disclosed.

CVE-2025-3000: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The

mediumvulnerability
security
Mar 31, 2025
CVE-2025-3000

A critical vulnerability (CVE-2025-3000) was found in PyTorch 2.6.0 affecting the torch.jit.script function, which causes memory corruption (damage to data stored in a computer's RAM). The vulnerability can be exploited locally (by someone with access to the same machine) and has already been publicly disclosed, making it a known risk.

CVE-2025-2999: A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.

mediumvulnerability
security
Mar 31, 2025
CVE-2025-2999

CVE-2025-2999 is a critical vulnerability in PyTorch 2.6.0 affecting the torch.nn.utils.rnn.unpack_sequence function, which causes memory corruption (unsafe access to computer memory). An attacker must have local access (ability to run code on the same machine) to exploit this bug, and the vulnerability has already been made public.

CVE-2025-2998: A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the func

mediumvulnerability
security
Mar 31, 2025
CVE-2025-2998

PyTorch 2.6.0 contains a critical vulnerability (CVE-2025-2998) in the torch.nn.utils.rnn.pad_packed_sequence function that causes memory corruption (a situation where data in a program's memory is accidentally overwritten or damaged). An attacker with local access (ability to run code on the same machine) can exploit this flaw, and the vulnerability details have been publicly disclosed.

AI Safety Newsletter #50: AI Action Plan Responses

infonews
policyindustry

CVE-2025-2953: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is t

lowvulnerability
security
Mar 30, 2025
CVE-2025-2953

A vulnerability in PyTorch 2.6.0+cu124 affects the torch.mkldnn_max_pool2d function, a component used for processing image data. The vulnerability can cause a denial of service (making a system unavailable), but requires local access to the machine. The vulnerability's real existence is still disputed.

CVE-2025-26265: A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE C

mediumvulnerability
security
Mar 27, 2025
CVE-2025-26265

CVE-2025-26265 is a bug in openairinterface5g (software for 5G networks) version 2.1.0 that causes a segmentation fault (a crash when the program tries to access memory it shouldn't). Attackers can exploit this by sending a specially crafted UE Context Modification response (a message in the 5G network setup process) to crash the system and cause a Denial of Service (DoS, making the service unavailable to legitimate users). The underlying issue is improper memory buffer handling (the software doesn't properly check the boundaries of memory it's using).

CVE-2025-30358: Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mes

highvulnerability
security
Mar 27, 2025
CVE-2025-30358

Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.

OWASP Top 10 for LLM is now the GenAI Security Project and promoted to OWASP Flagship status

inforesearchIndustry
security

CVE-2025-2733: A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown

mediumvulnerability
security
Mar 25, 2025
CVE-2025-2733

A critical vulnerability (CVE-2025-2733) was found in mannaandpoem OpenManus up to version 2025.3.13 in the file app/tool/python_execute.py. The vulnerability allows OS command injection (running unauthorized system commands), which can be triggered remotely by someone with login access. The exploit has been publicly disclosed, and the vendor has not responded to early notification.

CVE-2025-1474: In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerabil

mediumvulnerability
security
Mar 20, 2025
CVE-2025-1474

In MLflow (a machine learning workflow tool) version 2.18, administrators can create user accounts without requiring passwords, which violates security best practices and could allow unauthorized access to accounts. This vulnerability is classified under weak password requirements, meaning the system doesn't enforce strong authentication measures.

CVE-2025-1473: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.

highvulnerability
security
Mar 20, 2025
CVE-2025-1473

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website) exists in the Signup feature of MLflow versions 2.17.0 to 2.20.1, allowing attackers to create unauthorized accounts. This could enable an attacker to perform malicious actions while appearing to be a legitimate user.

CVE-2025-0453: In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can cr

highvulnerability
security
Mar 20, 2025
CVE-2025-0453

MLflow version 2.17.2 has a vulnerability in its `/graphql` endpoint (a web interface for querying data) that allows attackers to perform a denial of service attack (making a service unavailable) by sending large batches of repeated queries. This exhausts all the workers (processes handling requests) that MLflow has available, preventing the application from responding to legitimate requests.

Previous262 / 327Next
Apr 6, 2025

GitHub Copilot can be customized using instructions from a .github/copilot-instructions.md file in your repository, but security researchers at Pillar Security have identified risks with such custom instruction files (similar to risks found in other AI tools like Cursor). GitHub has responded by updating their Web UI to highlight invisible Unicode characters (characters hidden in text that don't display visibly), referencing both the Pillar Security research and concerns about ASCII smuggling (hiding malicious code in plain-text files using character tricks).

Fix: GitHub made a product change to highlight invisible Unicode characters in the Web UI to help users spot suspicious hidden characters in instruction files.

Embrace The Red

Fix: This vulnerability is fixed in BentoML version 1.4.3. Users should upgrade from v1.4.2 to v1.4.3 or later.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Mar 31, 2025

Three major AI companies (OpenAI, Google, and Anthropic) submitted public comments to the U.S. government's request for input on developing an 'AI Action Plan' in response to President Trump's executive order. The companies largely advocated for increased government investment in AI infrastructure and public-private partnerships, though they framed their arguments differently, with OpenAI notably avoiding the term 'AI safety' in its response despite previous public emphasis on the topic.

CAIS AI Safety Newsletter
NVD/CVE Database
NVD/CVE Database

Fix: Users should upgrade to version 0.14.1 to obtain a fix for the issue.

NVD/CVE Database
policy
Mar 26, 2025

OWASP (Open Worldwide Application Security Project, a nonprofit that helps organizations secure their software) has renamed and promoted its OWASP Top 10 for LLM (large language model, an AI trained on massive amounts of text data) project to the OWASP Gen AI Security Project, expanding its focus from just listing AI vulnerabilities to providing broader guidance on governance, risk management, and compliance for generative AI systems. The project now includes over 600 experts from 18 countries and has published new resources like the Agentic AI Threats and Mitigations Guide (addressing security risks in autonomous AI systems) along with translations in six additional languages.

OWASP GenAI Security
NVD/CVE Database

Fix: The issue is fixed in version 2.19.0. Users should upgrade MLflow from version 2.18 to version 2.19.0 or later.

NVD/CVE Database

Fix: A patch is available at https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628.

NVD/CVE Database
NVD/CVE Database