aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6543 items

CVE-2024-49375: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the

criticalvulnerability
security
Jan 14, 2025
CVE-2024-49375

A vulnerability in Rasa (an open source machine learning framework) allows an attacker to achieve RCE (remote code execution, where an attacker runs commands on a system they don't own) by loading a malicious model if the HTTP API is enabled and authentication is not properly configured. The vulnerability only affects instances where the API is explicitly enabled (not the default) and lacks proper security controls.

Fix: Upgrade to Rasa version 3.6.21 or later. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access.

NVD/CVE Database

CVE-2024-12606: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 10, 2025
CVE-2024-12606

The AI Scribe WordPress plugin (versions up to 2.3) has a vulnerability where it fails to check user permissions before allowing changes to plugin settings. This means that attackers with basic Subscriber-level access can modify the plugin's configuration without proper authorization.

CVE-2024-12473: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 10, 2025
CVE-2024-12473

The AI Scribe WordPress plugin (version 2.3 and earlier) has a SQL injection vulnerability (a flaw where attackers can insert malicious database commands) in its article builder feature that allows authenticated users with Contributor-level access to extract sensitive information from the website's database. The vulnerability exists because the plugin doesn't properly clean up user input before using it in database queries.

CVE-2024-12605: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 9, 2025
CVE-2024-12605

The AI Scribe WordPress plugin (versions up to 2.3) has a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in admin into unknowingly making changes to the site). Because the plugin fails to properly validate nonces (security tokens that prevent forged requests), an attacker can trick a site administrator into clicking a malicious link that changes the plugin's settings without the admin's knowledge.

CVE-2024-55459: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi

mediumvulnerability
security
Jan 8, 2025
CVE-2024-55459

Keras version 3.7.0 has a vulnerability where attackers can write arbitrary files (files placed anywhere on your system) to a user's machine by tricking the get_file function (a tool that downloads files) into downloading a malicious tar file (a compressed file format). This happens because the function doesn't properly verify that downloaded files are legitimate before using them.

CVE-2024-12471: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is

highvulnerability
security
Jan 7, 2025
CVE-2024-12471EPSS: 64.4%

AI Domination: Remote Controlling ChatGPT ZombAI Instances

infonews
securityresearch

CVE-2025-21604: LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5

mediumvulnerability
security
Jan 6, 2025
CVE-2025-21604

LangChain4j-AIDeepin, a RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) project, uses MD5 (a weak cryptographic hashing function) to hash files in versions before 3.5.0, which can cause file upload conflicts when different files produce the same hash value. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9 and is classified as medium severity.

Microsoft 365 Copilot Generated Images Accessible Without Authentication -- Fixed!

infonews
security
Jan 2, 2025

Microsoft 365 Copilot (a generative AI assistant built into Microsoft 365) had a security issue where generated images could be accessed without authentication (meaning anyone could view them without logging in). The issue has been fixed. The article also mentions that system prompts (the hidden instructions that guide an AI's behavior) for this tool have been updated over time, including changes to how it accesses enterprise search features.

CVE-2024-56137: MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large

mediumvulnerability
security
Jan 2, 2025
CVE-2024-56137

CVE-2024-56137 is a remote command execution vulnerability (a flaw that lets attackers run system commands from a distance) in MaxKB, an open source knowledge base system that uses RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions). Before version 1.9.0, privileged users could execute operating system commands through custom scripts, but this weakness has been patched in the newer version.

CVE-2024-56516: free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API f

highvulnerability
security
Dec 30, 2024
CVE-2024-56516

free-one-api, a tool that lets users access large language model reverse engineering libraries (code or techniques to understand how AI models work) through OpenAI's API format, uses MD5 (a password hashing algorithm, or mathematical function to scramble passwords) to protect user passwords in versions 1.0.1 and earlier. MD5 is cryptographically broken (mathematically compromised and no longer secure), making it vulnerable to collision attacks (where attackers can forge different inputs that produce the same hash) and easy to crack with modern computers, putting user credentials at risk.

CVE-2024-56800: Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions pr

highvulnerability
security
Dec 30, 2024
CVE-2024-56800

Firecrawl, a web scraper that extracts webpage content for large language models, had a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted requests to internal networks) in versions before 1.1.1 that could expose local network resources. The cloud service was patched on December 27th, 2024, and the open-source version was patched on December 29th, 2024, with no user data exposed.

CVE-2024-56756: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table

mediumvulnerability
security
Dec 29, 2024
CVE-2024-56756

A bug in the Linux kernel's NVMe (a fast storage protocol) driver could cause incorrect memory cleanup when the system fails to allocate enough memory for a descriptor table (a list telling the hardware where data is located). The bug doesn't usually cause visible problems because most systems allocate memory in large chunks, but it represents a memory management error that could cause issues in specific scenarios.

CVE-2024-56702: In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arg

mediumvulnerability
security
Dec 28, 2024
CVE-2024-56702

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a framework for running sandboxed programs in the kernel) verifier was causing it to incorrectly assume that raw tracepoint arguments (data passed to certain kernel monitoring hooks) could never be NULL, leading the verifier to delete necessary NULL checks and potentially crash the kernel. The fix marks these arguments as PTR_MAYBE_NULL (pointers that might be null) and adds special handling to allow safe operations on them, including enabling PROBE_MEM marking (a safer memory access mode) when loading from these pointers.

CVE-2024-11896: The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-S

mediumvulnerability
security
Dec 24, 2024
CVE-2024-11896

A WordPress plugin called Text Prompter is vulnerable to stored cross-site scripting (XSS, a type of attack where harmful code is hidden in web pages and runs when users visit them) in all versions up to 1.0.7. Attackers with contributor-level access or higher can inject malicious scripts through the plugin's shortcode feature because the plugin does not properly filter or secure user input.

Trust No AI: Prompt Injection Along the CIA Security Triad Paper

infonews
securityresearch

Security ProbLLMs in xAI's Grok: A Deep Dive

infonews
securityresearch

Job Opportunities at the European AI Office for Legal and Policy Backgrounds

inforegulatory
policy
Dec 16, 2024

The European Commission is hiring Legal and Policy Officers for the European AI Office to help develop trustworthy AI policies and legislation. Applicants need at least three years of experience in EU digital policy or legislation, relevant degrees, and fluency in EU languages, with applications due by January 15, 2025.

CVE-2024-54306: Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot all

mediumvulnerability
security
Dec 13, 2024
CVE-2024-54306

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into making unwanted requests on a website they're logged into) was found in the KCT AIKCT Engine Chatbot plugin affecting versions up to 1.6.2. The vulnerability allows attackers to perform unauthorized actions by exploiting this weakness in how the chatbot handles user requests.

CVE-2024-12236: A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for imag

mediumvulnerability
security
Dec 10, 2024
CVE-2024-12236

A security vulnerability in Google's Vertex Gemini API (a generative AI service) affects customers using VPC-SC (VPC Service Controls, a security tool that restricts data leaving a virtual private network). An attacker could craft a malicious file path that tricks the API into sending image data outside the security perimeter, bypassing the intended protections.

Previous268 / 328Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

A WordPress plugin called 'The Post Saint' (used to generate AI text and images) has a security flaw in versions up to 1.3.1 where it fails to check user permissions and validate file types when uploading files. This allows attackers with basic user accounts to upload malicious files that could let them execute arbitrary code (RCE, running unauthorized commands) on the website.

NVD/CVE Database
Jan 6, 2025

A security researcher demonstrated at Black Hat Europe how prompt injection (tricking an AI by hiding instructions in its input) can be used to create a Command and Control system (C2, a central server that remotely directs compromised systems) that remotely controls multiple ChatGPT instances. An attacker could compromise ChatGPT instances and force them to follow updated instructions from this central C2 system, potentially impacting all aspects of the CIA security triad (confidentiality, integrity, and availability of data).

Embrace The Red

Fix: Update to version 3.5.0 or later. According to the source, 'This issue is fixed in 3.5.0.'

NVD/CVE Database
Embrace The Red

Fix: The vulnerability has been fixed in v1.9.0.

NVD/CVE Database
NVD/CVE Database

Fix: All open-source Firecrawl users should upgrade to v1.1.1. For the unpatched playwright services, users should configure a secure proxy by setting the `PROXY_SERVER` environment variable and ensure the proxy is configured to block all traffic to link-local IP addresses (see documentation for setup instructions).

NVD/CVE Database
NVD/CVE Database

Fix: Mark raw_tp arguments as PTR_MAYBE_NULL and special case the dereference and pointer arithmetic to permit it. Enable PROBE_MEM marking when loads occur into trusted pointers with PTR_MAYBE_NULL. Do not apply this adjustment when ref_obj_id > 0, as acquired objects don't need such adjustment. Update the tp_btf_nullable selftest to reflect the new verifier behavior that no longer causes errors when directly dereferencing a raw tracepoint argument marked as __nullable.

NVD/CVE Database
NVD/CVE Database
Dec 23, 2024

A new research paper examines prompt injection attacks (tricks where hidden instructions in user inputs manipulate AI systems) and how they can compromise the CIA triad (confidentiality, integrity, and availability, the three core principles of security). The paper includes real-world examples of these attacks against major AI vendors like OpenAI, Google, Anthropic, and Microsoft, and aims to help traditional cybersecurity experts better understand and defend against these emerging AI-specific threats.

Embrace The Red
Dec 16, 2024

A security researcher analyzed xAI's Grok chatbot (an AI assistant available through X and an API) for vulnerabilities and found multiple security issues, including prompt injection (tricking the AI by hiding instructions in user posts, images, and PDFs), data exfiltration (stealing information from the system), phishing attacks through clickable links, and ASCII smuggling (hiding invisible text to manipulate the AI's behavior). The researcher responsibly disclosed these findings to xAI.

Embrace The Red
EU AI Act Updates
NVD/CVE Database

Fix: Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. No further fix actions are needed.

NVD/CVE Database