All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A vulnerability in PyTorch 2.6.0+cu124 affects the torch.mkldnn_max_pool2d function, a component used for processing image data. The vulnerability can cause a denial of service (making a system unavailable), but requires local access to the machine. The vulnerability's real existence is still disputed.
CVE-2025-26265 is a bug in openairinterface5g (software for 5G networks) version 2.1.0 that causes a segmentation fault (a crash when the program tries to access memory it shouldn't). Attackers can exploit this by sending a specially crafted UE Context Modification response (a message in the 5G network setup process) to crash the system and cause a Denial of Service (DoS, making the service unavailable to legitimate users). The underlying issue is improper memory buffer handling (the software doesn't properly check the boundaries of memory it's using).
Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.
A critical vulnerability (CVE-2025-2733) was found in mannaandpoem OpenManus up to version 2025.3.13 in the file app/tool/python_execute.py. The vulnerability allows OS command injection (running unauthorized system commands), which can be triggered remotely by someone with login access. The exploit has been publicly disclosed, and the vendor has not responded to early notification.
In MLflow (a machine learning workflow tool) version 2.18, administrators can create user accounts without requiring passwords, which violates security best practices and could allow unauthorized access to accounts. This vulnerability is classified under weak password requirements, meaning the system doesn't enforce strong authentication measures.
A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website) exists in the Signup feature of MLflow versions 2.17.0 to 2.20.1, allowing attackers to create unauthorized accounts. This could enable an attacker to perform malicious actions while appearing to be a legitimate user.
MLflow version 2.17.2 has a vulnerability in its `/graphql` endpoint (a web interface for querying data) that allows attackers to perform a denial of service attack (making a service unavailable) by sending large batches of repeated queries. This exhausts all the workers (processes handling requests) that MLflow has available, preventing the application from responding to legitimate requests.
Ollama (an AI model framework) versions 0.3.14 and earlier have a vulnerability where a malicious user can upload a specially crafted GGUF model file (a format for storing AI models) that causes a division by zero error (when code tries to divide a number by zero, crashing the program) in the ggufPadding function, crashing the server and making it unavailable (a Denial of Service attack).
A vulnerability in Ollama (an AI model software) version 0.3.14 and earlier allows an attacker to upload a specially crafted GGUF model file (a format for storing AI models) that tricks the server into using unlimited memory, causing a denial of service (DoS, a situation where a system becomes unavailable to users). The vulnerability stems from the server not properly limiting how much memory it allocates when processing model files.
CVE-2025-0312 is a vulnerability in Ollama (a tool for running AI models locally) versions 0.3.14 and earlier that allows an attacker to upload a malicious GGUF model file (a specific format for storing AI model weights). When the server processes this file, it crashes due to a null pointer dereference (trying to access memory that doesn't contain valid data), which can be exploited remotely to cause a denial of service attack (making the service unavailable to legitimate users).
CVE-2025-0187 is a denial of service (DoS, an attack that makes a service unavailable) vulnerability in Gradio version 0.39.1's file upload feature. An attacker can send a request with an extremely large filename, which the server doesn't handle properly, causing it to become overwhelmed and stop responding to legitimate users.
CVE-2024-9070 is a deserialization vulnerability (a security flaw where untrusted data is converted back into executable code) in BentoML versions 1.3.4.post1 and earlier that affects the runner server component. An attacker can exploit this by setting specific parameters to execute arbitrary code (any commands they choose) on the affected server, causing severe damage.
BentoML version v1.3.4post1 has a vulnerability that allows attackers to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests) by adding extra characters like dashes to the end of a multipart boundary (the delimiter that separates different parts of an HTTP request). This causes the server to waste resources processing these characters repeatedly, and since it requires no authentication or user interaction, it affects all users of the service.
vllm version 0.6.0 has a vulnerability in its RPC server (a system that allows remote programs to request operations) where the _make_handler_coro() function uses cloudpickle.loads() to process incoming messages without checking if they're safe first. An attacker can send malicious serialized data (pickle is a format for converting Python objects into bytes) to execute arbitrary code on the affected system.
CVE-2024-8966 is a vulnerability in Gradio version @gradio/video@0.10.2 that allows attackers to cause a Denial of Service (DoS, when a system becomes unavailable to users) by uploading files with extremely long multipart boundaries (the separators in file upload data). The attack forces the system to continuously process characters and issue warnings, making Gradio inaccessible for extended periods.
A divide by zero vulnerability (a math error where code tries to divide a number by zero, crashing the program) exists in ollama version v0.3.3 that triggers when importing GGUF models (a machine learning model format) with a specially crafted `block_count` value in the Modelfile. This vulnerability can cause a denial of service (DoS, making the server unavailable) by crashing the ollama server when it processes the malicious model.
CVE-2024-8021 is an open redirect vulnerability (a flaw that tricks users into visiting attacker-controlled websites by misusing URL encoding) in the latest version of Gradio, an open-source AI framework. An attacker can exploit this by sending a specially crafted request that causes the application to automatically redirect users (HTTP 302 response) to a malicious site.
The `/openai/models` endpoint in open-webui version 0.3.8 has a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to unintended locations). An attacker can change the OpenAI URL to any address without validation, allowing the endpoint to send requests to that URL and return the response, potentially exposing internal services and secrets.
Fix: Users should upgrade to version 0.14.1 to obtain a fix for the issue.
NVD/CVE DatabaseOWASP (Open Worldwide Application Security Project, a nonprofit that helps organizations secure their software) has renamed and promoted its OWASP Top 10 for LLM (large language model, an AI trained on massive amounts of text data) project to the OWASP Gen AI Security Project, expanding its focus from just listing AI vulnerabilities to providing broader guidance on governance, risk management, and compliance for generative AI systems. The project now includes over 600 experts from 18 countries and has published new resources like the Agentic AI Threats and Mitigations Guide (addressing security risks in autonomous AI systems) along with translations in six additional languages.
Fix: The issue is fixed in version 2.19.0. Users should upgrade MLflow from version 2.18 to version 2.19.0 or later.
NVD/CVE DatabaseFix: A patch is available at https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628.
NVD/CVE DatabaseMLflow version 2.15.1 has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its dbfs service that allows arbitrary file reading. The vulnerability exists because the service only validates the path portion of URLs while ignoring query parameters and other URL components, which attackers can exploit if the dbfs service is configured and mounted to a local directory.
Fix: A patch is available at https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654
NVD/CVE Database