aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6530 items

CVE-2025-2953: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is t

lowvulnerability
security
Mar 30, 2025
CVE-2025-2953

A vulnerability in PyTorch 2.6.0+cu124 affects the torch.mkldnn_max_pool2d function, a component used for processing image data. The vulnerability can cause a denial of service (making a system unavailable), but requires local access to the machine. The vulnerability's real existence is still disputed.

NVD/CVE Database

CVE-2025-26265: A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE C

mediumvulnerability
security
Mar 27, 2025
CVE-2025-26265

CVE-2025-26265 is a bug in openairinterface5g (software for 5G networks) version 2.1.0 that causes a segmentation fault (a crash when the program tries to access memory it shouldn't). Attackers can exploit this by sending a specially crafted UE Context Modification response (a message in the 5G network setup process) to crash the system and cause a Denial of Service (DoS, making the service unavailable to legitimate users). The underlying issue is improper memory buffer handling (the software doesn't properly check the boundaries of memory it's using).

CVE-2025-30358: Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mes

highvulnerability
security
Mar 27, 2025
CVE-2025-30358

Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.

OWASP Top 10 for LLM is now the GenAI Security Project and promoted to OWASP Flagship status

inforesearchIndustry
security

CVE-2025-2733: A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown

mediumvulnerability
security
Mar 25, 2025
CVE-2025-2733

A critical vulnerability (CVE-2025-2733) was found in mannaandpoem OpenManus up to version 2025.3.13 in the file app/tool/python_execute.py. The vulnerability allows OS command injection (running unauthorized system commands), which can be triggered remotely by someone with login access. The exploit has been publicly disclosed, and the vendor has not responded to early notification.

CVE-2025-1474: In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerabil

mediumvulnerability
security
Mar 20, 2025
CVE-2025-1474

In MLflow (a machine learning workflow tool) version 2.18, administrators can create user accounts without requiring passwords, which violates security best practices and could allow unauthorized access to accounts. This vulnerability is classified under weak password requirements, meaning the system doesn't enforce strong authentication measures.

CVE-2025-1473: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.

highvulnerability
security
Mar 20, 2025
CVE-2025-1473

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website) exists in the Signup feature of MLflow versions 2.17.0 to 2.20.1, allowing attackers to create unauthorized accounts. This could enable an attacker to perform malicious actions while appearing to be a legitimate user.

CVE-2025-0453: In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can cr

highvulnerability
security
Mar 20, 2025
CVE-2025-0453

MLflow version 2.17.2 has a vulnerability in its `/graphql` endpoint (a web interface for querying data) that allows attackers to perform a denial of service attack (making a service unavailable) by sending large batches of repeated queries. This exhausts all the workers (processes handling requests) that MLflow has available, preventing the application from responding to legitimate requests.

CVE-2025-0317: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model

highvulnerability
security
Mar 20, 2025
CVE-2025-0317

Ollama (an AI model framework) versions 0.3.14 and earlier have a vulnerability where a malicious user can upload a specially crafted GGUF model file (a format for storing AI models) that causes a division by zero error (when code tries to divide a number by zero, crashing the program) in the ggufPadding function, crashing the server and making it unavailable (a Denial of Service attack).

CVE-2025-0315: A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to t

highvulnerability
security
Mar 20, 2025
CVE-2025-0315

A vulnerability in Ollama (an AI model software) version 0.3.14 and earlier allows an attacker to upload a specially crafted GGUF model file (a format for storing AI models) that tricks the server into using unlimited memory, causing a denial of service (DoS, a situation where a system becomes unavailable to users). The vulnerability stems from the server not properly limiting how much memory it allocates when processing model files.

CVE-2025-0312: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that,

highvulnerability
security
Mar 20, 2025
CVE-2025-0312

CVE-2025-0312 is a vulnerability in Ollama (a tool for running AI models locally) versions 0.3.14 and earlier that allows an attacker to upload a malicious GGUF model file (a specific format for storing AI model weights). When the server processes this file, it crashes due to a null pointer dereference (trying to access memory that doesn't contain valid data), which can be exploited remotely to cause a denial of service attack (making the service unavailable to legitimate users).

CVE-2025-0187: A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. T

mediumvulnerability
security
Mar 20, 2025
CVE-2025-0187

CVE-2025-0187 is a denial of service (DoS, an attack that makes a service unavailable) vulnerability in Gradio version 0.39.1's file upload feature. An attacker can send a request with an extremely large filename, which the server doesn't handle properly, causing it to become overwhelmed and stop responding to legitimate users.

CVE-2024-9070: A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting

highvulnerability
security
Mar 20, 2025
CVE-2024-9070

CVE-2024-9070 is a deserialization vulnerability (a security flaw where untrusted data is converted back into executable code) in BentoML versions 1.3.4.post1 and earlier that affects the runner server component. An attacker can exploit this by setting specific parameters to execute arbitrary code (any commands they choose) on the affected server, causing severe damage.

CVE-2024-9056: BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by app

mediumvulnerability
security
Mar 20, 2025
CVE-2024-9056

BentoML version v1.3.4post1 has a vulnerability that allows attackers to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests) by adding extra characters like dashes to the end of a multipart boundary (the delimiter that separates different parts of an HTTP request). This causes the server to waste resources processing these characters repeatedly, and since it requires no authentication or user interaction, it affects all users of the service.

CVE-2024-9053: vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core

criticalvulnerability
security
Mar 20, 2025
CVE-2024-9053

vllm version 0.6.0 has a vulnerability in its RPC server (a system that allows remote programs to request operations) where the _make_handler_coro() function uses cloudpickle.loads() to process incoming messages without checking if they're safe first. An attacker can send malicious serialized data (pickle is a format for converting Python objects into bytes) to execute arbitrary code on the affected system.

CVE-2024-8966: A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Serv

highvulnerability
security
Mar 20, 2025
CVE-2024-8966

CVE-2024-8966 is a vulnerability in Gradio version @gradio/video@0.10.2 that allows attackers to cause a Denial of Service (DoS, when a system becomes unavailable to users) by uploading files with extremely long multipart boundaries (the separators in file upload data). The attack forces the system to continuously process characters and issue warnings, making Gradio inaccessible for extended periods.

CVE-2024-8859: A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, co

mediumvulnerability
security
Mar 20, 2025
CVE-2024-8859EPSS: 26.9%

CVE-2024-8063: A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF mode

highvulnerability
security
Mar 20, 2025
CVE-2024-8063

A divide by zero vulnerability (a math error where code tries to divide a number by zero, crashing the program) exists in ollama version v0.3.3 that triggers when importing GGUF models (a machine learning model format) with a specially crafted `block_count` value in the Modelfile. This vulnerability can cause a denial of service (DoS, making the server unavailable) by crashing the ollama server when it processes the malicious model.

CVE-2024-8021: An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker t

mediumvulnerability
security
Mar 20, 2025
CVE-2024-8021

CVE-2024-8021 is an open redirect vulnerability (a flaw that tricks users into visiting attacker-controlled websites by misusing URL encoding) in the latest version of Gradio, an open-source AI framework. An attacker can exploit this by sending a specially crafted request that causes the application to automatically redirect users (HTTP 302 response) to a malicious site.

CVE-2024-7959: The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

highvulnerability
security
Mar 20, 2025
CVE-2024-7959

The `/openai/models` endpoint in open-webui version 0.3.8 has a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to unintended locations). An attacker can change the OpenAI URL to any address without validation, allowing the endpoint to send requests to that URL and return the response, potentially exposing internal services and secrets.

Previous263 / 327Next
NVD/CVE Database

Fix: Users should upgrade to version 0.14.1 to obtain a fix for the issue.

NVD/CVE Database
policy
Mar 26, 2025

OWASP (Open Worldwide Application Security Project, a nonprofit that helps organizations secure their software) has renamed and promoted its OWASP Top 10 for LLM (large language model, an AI trained on massive amounts of text data) project to the OWASP Gen AI Security Project, expanding its focus from just listing AI vulnerabilities to providing broader guidance on governance, risk management, and compliance for generative AI systems. The project now includes over 600 experts from 18 countries and has published new resources like the Agentic AI Threats and Mitigations Guide (addressing security risks in autonomous AI systems) along with translations in six additional languages.

OWASP GenAI Security
NVD/CVE Database

Fix: The issue is fixed in version 2.19.0. Users should upgrade MLflow from version 2.18 to version 2.19.0 or later.

NVD/CVE Database

Fix: A patch is available at https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

MLflow version 2.15.1 has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its dbfs service that allows arbitrary file reading. The vulnerability exists because the service only validates the path portion of URLs while ignoring query parameters and other URL components, which attackers can exploit if the dbfs service is configured and mounted to a local directory.

Fix: A patch is available at https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database