All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A vulnerability in langchain version 0.2.5's GraphCypherQAChain class allows attackers to use prompt injection (tricking an AI by hiding instructions in its input) to perform SQL injection attacks on databases. This can let attackers steal data, delete information, disrupt services, or access data they shouldn't have access to, especially in systems serving multiple users.
CVE-2024-7774 is a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory) in langchain-ai/langchainjs version 0.2.5 that allows attackers to save, overwrite, read, and delete files anywhere on a system. The vulnerability exists in the `getFullPath` method and related functions because they do not properly filter or validate user input before handling file paths.
A vulnerability exists in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 that allows prompt injection (tricking an AI by hiding instructions in its input), which can lead to SQL injection (inserting malicious database commands). This vulnerability could allow attackers to manipulate data, steal sensitive information, delete data to cause service outages, or breach security in systems serving multiple users.
N-LINE version 2.0.6 and earlier contain a code injection vulnerability (CWE-94, a flaw where an attacker can insert malicious code into an application), which could allow attackers to execute arbitrary code on an instructor's browser or redirect them to a malicious website. The vulnerability was reported by JPCERT/CC and assigned CVE-2024-47158 on October 25, 2024.
CVE-2024-48142 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in text sent to an AI) in Monica ChatGPT AI Assistant v2.4.0 that lets attackers steal all chat messages between a user and the AI through a specially crafted message.
A prompt injection vulnerability (tricking an AI by hiding instructions in its input) was found in Monica Your AI Copilot v6.3.0, a ChatGPT-powered browser extension. Attackers can exploit this flaw by sending a specially crafted message to access and steal all chat data between the user and the AI assistant, both from past conversations and future ones.
CVE-2024-48145 is a prompt injection vulnerability (a type of attack where malicious instructions are hidden in text input to an AI system) in Netangular Technologies ChatNet AI Version v1.0 that allows attackers to steal all chat data between users and the AI by sending a specially crafted message. The vulnerability is classified under CWE-77 (improper neutralization of special elements used in commands), meaning the system fails to properly filter dangerous input before processing it.
CVE-2024-48144 is a prompt injection vulnerability (tricking an AI by hiding instructions in its input) in Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 that allows attackers to craft a malicious message in the chatbox to steal all previous and future conversations between the user and the AI assistant. The vulnerability is caused by improper handling of special elements in user input (CWE-77, a weakness in command injection prevention).
CVE-2024-48141 is a prompt injection vulnerability (a technique where an attacker hides malicious instructions in text sent to an AI) in Zhipu AI CodeGeeX version 2.17.0's chatbox. An attacker can craft a message to trick the AI into leaking all previous and future chat conversations between the user and the assistant.
CVE-2024-48139 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in messages sent to an AI) in Blackbox AI version 1.3.95 that allows attackers to steal all chat messages between a user and the AI by sending a specially crafted message. This vulnerability is classified as a command injection flaw (where attackers manipulate input to execute unintended commands).
Cursor is a code editor that uses AI to help with programming. Before September 27, 2024, attackers could trick Cursor's command generation feature into running harmful commands if a user imported a malicious website into the prompt and the attacker used prompt injection (hidden instructions in text that manipulate AI behavior) on that website. A server-side patch was released quickly to block dangerous characters, and Cursor version 0.42 added client-side protections and a new preview box setting that requires manual approval before commands run.
A bug in the Linux kernel's audio sound system (ASoC) incorrectly checked the maximum value for _sx controls (special volume controls where the max field means the number of steps, not the maximum value itself). The bounds check in snd_soc_put_volsw_sx() (a function that validates input values) needed to be fixed to properly check against the actual maximum value instead.
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a system for running safe code inside the kernel) subsystem could leak memory when certain helper functions encounter errors. The fix ensures that pointer arguments are zeroed out when errors occur, preventing sensitive kernel data from being accidentally exposed.
A vulnerability in Affiliator (a WordPress plugin) version 2.1.3 and earlier allows attackers to upload dangerous file types, specifically web shells (malicious scripts that give attackers control of a server). This happens because the plugin does not properly restrict what kinds of files users can upload.
CVE-2024-49361 is a vulnerability in ACON, a machine learning library that performs adaptive correlation optimization. The vulnerability exists in how ACON validates input data, which could allow an attacker to bypass these checks and execute arbitrary code (run commands they shouldn't be able to run) on systems using ACON. Machine learning applications that accept user-provided data are at the highest risk, especially those running on production servers (live systems serving real users).
Gradio, an open-source Python package for building user interfaces, has a cross-site scripting vulnerability (XSS, where malicious code hidden in files runs in users' browsers) that affects servers allowing file uploads. Attackers can upload harmful HTML, JavaScript, or SVG files that execute when other users view or download them, potentially stealing data or compromising accounts.
Gradio, an open-source Python package for building demos, has a vulnerability where the connection between the FRP client and server (fast reverse proxy, a tool that exposes local applications to the internet) isn't encrypted when the `share=True` option is used. This means attackers can intercept and read files uploaded to the server or modify data being sent, putting sensitive information at risk for users sharing Gradio demos publicly online.
Gradio, an open-source Python package for building AI demos, has a race condition (a bug where two operations interfere with each other due to timing) in its configuration function that lets attackers change the backend URL. This could redirect users to a fake server to steal login credentials or uploaded files, especially affecting Gradio servers accessible over the internet.
Gradio, an open-source Python package for building prototypes, has a timing attack vulnerability (a security flaw where an attacker measures how long the system takes to respond to guess different values) in its analytics dashboard hash comparison. An attacker could exploit this by sending many requests and timing the responses to gradually figure out the correct hash and gain unauthorized access to the dashboard.
Fix: A patch is available at https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9
NVD/CVE DatabaseClaude Computer Use is a new AI tool from Anthropic that lets Claude take screenshots and run commands on computers autonomously. The feature carries serious security risks because of prompt injection (tricking an AI by hiding malicious instructions in its input), which could allow attackers to make Claude execute unwanted commands on machines it controls.
Fix: A server-side patch released on September 27, 2024 prevents newlines or control characters from being streamed back. Cursor 0.42 includes client-side mitigations that block newlines or control characters from entering the terminal directly. Users can enable the setting `"cursor.terminal.usePreviewBox"` and set it to `true` to stream responses into a preview box that must be manually accepted before inserting into the terminal. The patch is applied server-side, so no additional action is needed on older versions. Additionally, Cursor's maintainers recommend only including trusted context in prompts as a best practice.
NVD/CVE DatabaseFix: Multiple patches were released to fix this issue. The patches are available at the following kernel.org URLs: 325d94d16e3131b54bdf07356e4cd855e0d853fc, 46bab25cc0230df60d1c02b651cc5640a14b08df, 4a95a49f26308782b4056401989ecd7768fda8fa, 698813ba8c580efb356ace8dbf55f61dac6063a8, 73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce, 98b15c706644bebc19d2e77ccc360cc51444f6d0, b50c9641897274c3faef5f95ac852f54b94be2e8, and e46adadf19248d59af3aa6bc52e09115bf479bf7.
NVD/CVE DatabaseFix: The kernel now zeros the value of former ARG_PTR_TO_{LONG,INT} arguments (pointers to long or integer values) when non-tracing helpers return errors. Additionally, for MTU helper functions, the *mtu_len pointer value is cleared on the error path to prevent uninitialized memory from being readable.
NVD/CVE DatabaseFix: Upgrade to gradio>=5. As a workaround, restrict uploads to non-executable file types (like images or text) and implement server-side validation to sanitize or reject HTML, JavaScript, and SVG files before they are stored or displayed to users.
NVD/CVE DatabaseFix: Users should upgrade to `gradio>=5` to fix this issue. As an alternative, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled (a secure protocol that encrypts communication) to ensure safe data transmission.
NVD/CVE DatabaseFix: Upgrade to gradio>=5 (version 5 or newer). The source notes there are no known workarounds for this issue.
NVD/CVE DatabaseFix: Upgrade to gradio>4.44. Alternatively, before upgrading, developers can manually patch the analytics_dashboard to use a constant-time comparison function (a method that takes the same amount of time regardless of whether the input is correct) for comparing sensitive values like hashes, or disable access to the analytics dashboard entirely.
NVD/CVE Database