aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6543 items

Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection

mediumnews
securityresearch
Dec 6, 2024

LLMs (large language models) can output ANSI escape codes (special control characters that modify how terminal emulators display text and behave), and when LLM-powered applications print this output to a terminal without filtering it, attackers can use prompt injection (tricking an AI by hiding instructions in its input) to make the terminal execute harmful commands like clearing the screen, hiding text, or stealing clipboard data. The vulnerability affects LLM-integrated command-line tools and applications that don't properly handle or encode these control characters before displaying LLM output.

Embrace The Red

DeepSeek AI: From Prompt Injection To Account Takeover

highnews
security
Nov 29, 2024

A researcher discovered that DeepSeek-R1-Lite, a new AI reasoning model, is vulnerable to prompt injection (tricking an AI by hiding instructions in its input) combined with XSS (cross-site scripting, where malicious code runs in a user's browser). By uploading a specially crafted document with base64-encoded malicious code, an attacker could trick the AI into executing JavaScript that steals a user's session token (a credential stored in browser memory that proves who you are), leading to complete account takeover.

CVE-2024-53260: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first a

mediumvulnerability
security
Nov 27, 2024
CVE-2024-53260

Autolab, a course management system for auto-graded programming assignments, has a vulnerability where students can insert spreadsheet formulas (like those used in Excel) into their first or last names. When instructors download and open the course roster, these formulas execute and can leak student information by sending it to remote servers. The vulnerability has been patched in the source code repository.

CVE-2024-32965: Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnera

highvulnerability
security
Nov 26, 2024
CVE-2024-32965

Lobe Chat, an open-source AI chat framework, has a vulnerability in versions before 1.19.13 that allows attackers to perform SSRF (server-side request forgery, where an attacker tricks a server into making unauthorized requests to other systems) without logging in. Attackers can exploit this to scan internal networks and steal sensitive information like API keys stored in authentication headers.

CVE-2024-49038: Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorize

criticalvulnerability
security
Nov 26, 2024
CVE-2024-49038

CVE-2024-49038 is a cross-site scripting (XSS, a type of attack where malicious code is injected into a webpage to trick users) vulnerability in Microsoft Copilot Studio that allows an unauthorized attacker to gain elevated privileges over a network by exploiting improper handling of user input during webpage generation.

CVE-2024-53258: Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 o

mediumvulnerability
security
Nov 25, 2024
CVE-2024-53258

Autolab is a course management system that automatically grades programming assignments. A vulnerability in versions 3.0.0 and later allows any logged-in student to download all submissions from other students or even instructor test files using the download_all_submissions feature, potentially exposing private coursework to unauthorized people.

CVE-2024-27134: Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be

highvulnerability
security
Nov 25, 2024
CVE-2024-27134

MLflow has a vulnerability (CVE-2024-27134) where directories have overly permissive access settings, allowing a local attacker to gain elevated permissions through a ToCToU attack (a race condition where an attacker exploits the gap between when a program checks permissions and when it uses a resource). This only affects code using the spark_udf() MLflow API.

CVE-2024-11394: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnera

highvulnerability
security
Nov 22, 2024
CVE-2024-11394EPSS: 59.4%

CVE-2024-11393: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This v

highvulnerability
security
Nov 22, 2024
CVE-2024-11393EPSS: 76.1%

CVE-2024-11392: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulner

highvulnerability
security
Nov 22, 2024
CVE-2024-11392EPSS: 53.1%

CVE-2024-52803: LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has bee

highvulnerability
security
Nov 21, 2024
CVE-2024-52803

LLama Factory, a tool for fine-tuning large language models (AI systems trained on specific tasks or data), has a critical vulnerability that lets attackers run arbitrary commands on the computer running it. The flaw comes from unsafe handling of user input, specifically using a Python function called `Popen` with `shell=True` (a setting that interprets input as system commands) without checking or cleaning the input first.

CVE-2024-48530: An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a D

highvulnerability
security
Nov 20, 2024
CVE-2024-48530

CVE-2024-48530 is a vulnerability in eSoft Planner version 3.24.08271-USA that allows attackers to cause a DoS (denial of service, where a system becomes unavailable to legitimate users) through a specially crafted POST request (a type of web request) sent to the Instructor Appointment Availability module. The vulnerability stems from CWE-770, which means the software fails to limit resource allocation, allowing attackers to exhaust system resources.

CVE-2024-52445: Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu Restaurant QR Menu Lite allows Object Injection.Thi

highvulnerability
security
Nov 20, 2024
CVE-2024-52445

CVE-2024-52445 is a deserialization of untrusted data vulnerability (a flaw where a program processes data from an untrusted source without checking it, potentially allowing an attacker to manipulate the program) in the Modeltheme QRMenu Restaurant QR Menu Lite plugin that affects versions up to 1.0.3. This vulnerability allows object injection (an attack where malicious data tricks the program into creating unintended objects).

CVE-2024-53071: In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Be stricter about IO mapping flags Th

mediumvulnerability
security
Nov 19, 2024
CVE-2024-53071

A vulnerability in the Linux kernel's panthor graphics driver allows userspace to make memory mappings writable after creation through mprotect(), and to create copy-on-write mappings that can cause system crashes. The issue occurs because the driver doesn't properly restrict VM_MAYWRITE (a flag controlling whether memory can be made writable later) and doesn't require VM_SHARED (a flag indicating shared memory semantics) when mapping GPU flush registers.

The AI Office is hiring a Lead Scientific Advisor for AI

inforegulatory
policy
Nov 19, 2024

The European AI Office posted a job opening for a Lead Scientific Advisor for AI, responsible for ensuring scientific rigor in testing and evaluating general-purpose AI (large AI models trained on broad data that can handle many tasks) models and leading the office's scientific approach to AI safety. The position required EU citizenship, at least 15 years of professional experience, and fluency in EU languages, with an application deadline of December 13, 2024.

CVE-2024-52585: Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vuln

mediumvulnerability
security
Nov 18, 2024
CVE-2024-52585

Autolab, a service that manages programming courses and automatically grades assignments, has an HTML injection vulnerability (a flaw where untrusted data is inserted as HTML, potentially allowing attackers to inject malicious code) in version 3.0.1 that affects instructors and course assistants viewing grade submissions. The vulnerability allows attackers to execute cross-site scripting (XSS, where malicious scripts run in a user's browser without their knowledge).

CVE-2024-51743: MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitr

highvulnerability
security
Nov 18, 2024
CVE-2024-51743

MarkUs (a web application for student assignment submission and grading) has a vulnerability in versions before 2.4.8 that allows authenticated instructors to write files anywhere on the web server, potentially leading to remote code execution (the ability to run commands on a system from a distance). This happens because the file upload methods don't properly restrict where files can be saved.

CVE-2024-47820: MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in vers

mediumvulnerability
security
Nov 18, 2024
CVE-2024-47820

MarkUs, a web application for submitting and grading student assignments, has a path traversal vulnerability (a security flaw that lets attackers access files outside the intended directory) in versions before 2.4.8. Authenticated instructors can download any file on the server, depending on file permissions. The vulnerability affects how the application limits access to files.

OWASP Top 10 for Large Language Model Applications - 2025

inforegulatory
securitypolicy

CVE-2024-24446: An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Ser

mediumvulnerability
security
Nov 15, 2024
CVE-2024-24446

CVE-2024-24446 is a vulnerability in OpenAirInterface CN5G AMF (a network component that manages connections in 5G systems) up to version 2.0.0 where an uninitialized pointer dereference (using a memory address that hasn't been properly set up) allows attackers to crash the system by sending a specially crafted message. This vulnerability can cause a Denial of Service (DoS, making the system unavailable to legitimate users).

Previous269 / 328Next
Embrace The Red

Fix: According to the source, users are advised to manually patch their systems or wait for the next release. The fix is expected to be released in the next version. No known workarounds are available.

NVD/CVE Database

Fix: Upgrade to lobe-chat version 1.19.13 or later. According to the source, 'This issue has been addressed in release version 1.19.13 and all users are advised to upgrade.' There are no known workarounds for this vulnerability.

NVD/CVE Database
NVD/CVE Database

Fix: The issue has been patched in commit `1aa4c769`, which is expected to be included in version 3.0.3. Users can either manually patch their installation or wait for version 3.0.3 to be released. As an immediate temporary workaround, administrators can disable the download_all_submissions feature.

NVD/CVE Database

Fix: A patch is available at https://github.com/mlflow/mlflow/pull/10874, though the source does not specify which MLflow version contains the fix.

NVD/CVE Database

A security flaw in Hugging Face Transformers allows attackers to run arbitrary code (RCE, remote code execution) on a user's computer by tricking them into opening a malicious file or visiting a malicious webpage. The vulnerability happens because the software doesn't properly validate data when loading model files, allowing untrusted data to be deserialized (converted from storage format back into a running program).

NVD/CVE Database

A vulnerability in Hugging Face Transformers' MaskFormer model allows attackers to run arbitrary code (RCE, or remote code execution) on a user's computer if they visit a malicious webpage or open a malicious file. The flaw occurs because the model file parser doesn't properly validate user-supplied data before deserializing it (converting saved data back into working code), allowing attackers to inject and execute malicious code.

NVD/CVE Database

Hugging Face Transformers MobileViTV2 has a vulnerability where attackers can execute arbitrary code (running commands they choose) by tricking users into visiting malicious pages or opening malicious files that contain specially crafted configuration files. The flaw happens because the software doesn't properly check (validate) data before deserializing it (converting it from stored format back into usable code), allowing untrusted data to be executed.

NVD/CVE Database

Fix: This vulnerability is fixed in version 0.9.1.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Clear the VM_MAYWRITE flag and require VM_SHARED when handling DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET mappings. The patch restricts both userspace's ability to change permissions via mprotect() and prevents unsupported copy-on-write semantics for this memory region.

NVD/CVE Database
EU AI Act Updates

Fix: Update to version 3.0.2, which patches the vulnerability. Alternatively, manually edit line 589 in the file `gradesheet.js.erb` to treat feedback as plain text rather than HTML code.

NVD/CVE Database

Fix: Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'no known workarounds are available at the application level aside from upgrading.'

NVD/CVE Database

Fix: Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'No known workarounds are available at the application level aside from upgrading.'

NVD/CVE Database
Nov 18, 2024

This is the official 2025 release of the OWASP Top 10 for Large Language Model Applications, which is a ranked list of the most critical security risks affecting AI systems. The document provides guidance on the biggest threats that developers should be aware of when building or using LLM-based applications (software built around large language models, which are AI systems trained on vast amounts of text).

OWASP LLM Top 10
NVD/CVE Database